gtm-enrichment-deep

SUSPICIOUS: the skill’s enrichment purpose is plausible, but its actual data flow routes user PII and bearer-authenticated requests through a Gooseworks proxy instead of directly to the named providers, and it reads a raw local credential file. This is not confirmed malware, but the proxy-mediated architecture and limited public verification make the trust model weaker than the description suggests.