comprehensive-enrichment

SUSPICIOUS. The skill’s enrichment purpose broadly matches its capabilities, but it reads raw credentials from a local file and sends all sensitive lookup data through Gooseworks’ proxy rather than directly to the named providers. Same-org Gooseworks branding reduces the chance of outright malware, yet the proxy data flow, aggressive personal-data collection, and incompletely verified unpinned `npx` install make the overall skill medium-high risk.