pp-fathom

SUSPICIOUS. The core purpose is coherent for a Fathom analytics skill, and the required Fathom API key is proportionate, but the skill’s real footprint depends on trusting external CLIs and includes optional arbitrary webhook delivery for synced meeting data. That combination makes it higher risk than a normal documentation-only skill, mainly due to supply-chain trust and data-exfiltration potential rather than confirmed malicious intent.