clinical-reports

SUSPICIOUS: the core reporting guidance is coherent, but the skill overreaches by mandating a separate community skill for figure generation when handling sensitive clinical content. The main concern is transitive installation and unclear PHI data flow through an unpinned third-party dependency, not confirmed malware.