healthcare-providers-extract

SUSPICIOUS. The stated purpose is legitimate and the actions mostly align with healthcare-provider extraction, but the skill has a broad execution footprint: wide Bash access, sub-agent orchestration, local memory/profile reads, optional third-party distribution, and heavy processing of untrusted web content. This looks more like an overpowered enterprise workflow skill than malware, with the main concern being medium security risk from prompt-injection and broad agent permissions rather than clear exfiltration or credential theft.