research-integration

The skill’s stated purpose is legitimate and largely aligned with its behavior, but its operational footprint is broad: write-capable subagents may fetch untrusted content, install packages, and execute analysis code, it transitively loads another skill, and its generated API test script explicitly disables TLS verification. This is better classified as suspicious/high-risk research automation rather than malware or a credential harvester, because data is intended to flow to official vendor endpoints and local files, not obvious attacker infrastructure.