cosense
Warn
Audited by Socket on Apr 6, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s read/write Cosense capabilities match its stated purpose, but install trust is weaker than it should be because it uses an unpinned `bunx`-executed npm CLI whose official provenance is not established in the provided evidence. Handling a raw `connect.sid` session cookie and passing it to that CLI is proportionately risky. No clear malicious exfiltration or unrelated capability is shown, but the credential-forwarding and runtime package execution make this higher-risk than a typical documentation-only skill.
Confidence: 77%
Severity: 68%