learn

SUSPICIOUS. The skill’s purpose and file access are mostly coherent for a marketing knowledge-base workflow, and there is no direct evidence of credential theft or off-platform exfiltration. However, it requires an unverifiable local executable (intelligence-graph.py), which triggers a high security-risk floor, and the broader project evidence shows same-org but still risky download-execute install patterns. Overall this looks more like a high-risk, unverifiable internal automation dependency than confirmed malware.