data-export

SUSPICIOUS. The skill’s stated purpose and data-export behavior are largely aligned, and the referenced destination API semantics match official vendor capabilities. However, the actual execution path depends on unspecified MCP connectors with unverifiable provenance and unclear credential routing, while the skill handles sensitive marketing and contact data and can apply external sharing permissions. This is not confirmed malware, but it carries medium risk due to third-party connector opacity, outbound data transfer, and privacy impact.