add-sample-data

SUSPICIOUS. The skill's purpose and Microsoft API targets are coherent, but it routes authenticated Dataverse operations through local plugin Node scripts that are not independently verifiable from the provided evidence. Because those executables handle Azure/Dataverse credentials or bearer-token-backed access, the security risk is high even without direct evidence of malicious exfiltration.