contact-finder-contactout

SUSPICIOUS: the skill's purpose is plausible, but its real data flow is through Gooseworks/Orthogonal rather than ContactOut's official API. Same-org install guidance lowers supply-chain concern, yet raw credential-file access plus third-party proxying of API keys and personal data makes the overall risk medium-high.