contract-intelligence-review

The skill is broadly aligned with its stated contract-review purpose and does not show malware-like install or execution behavior. The main risk is data-flow trust: sensitive contract contents and API keys are routed to arbitrary OCR/LLM endpoints defined by environment variables, so backend legitimacy and handling cannot be verified from the skill itself.