pp-craigslist

SUSPICIOUS: the skill’s Craigslist analysis purpose mostly matches its read-only capabilities, but it depends on external CLI/MCP installation and includes optional arbitrary webhook/output delivery that broadens data egress beyond what the core task needs. The main risk is supply-chain trust and outbound routing, not confirmed malicious behavior.