search1api

SUSPICIOUS/medium risk. The skill's capabilities mostly match its stated search/research purpose, and the requested API key is proportionate. Main concerns are the pipe-to-shell installer, credential forwarding into an external CLI, and high indirect prompt-injection exposure from arbitrary web content. No clear evidence of credential theft or malicious exfiltration beyond the expected Search1API service flow.