get-brand-assets

SUSPICIOUS: The skill's purpose is coherent, but its data flow is not direct. It reads a raw local API key and sends requests through a Gooseworks proxy rather than the official downstream API path, and it includes an unverified `npx` login/install step. This looks more like a managed gateway integration than malware, but the proxy routing and configurable `api_base` create meaningful credential and data-flow risk.