productlane-automation

SUSPICIOUS: The skill is broadly coherent with Productlane automation and uses same-org Composio/Rube infrastructure, so it is not clearly malicious. However, it routes discovery, auth, and action execution through a third-party MCP intermediary rather than direct Productlane APIs, and the always-search-first workflow lets remote tool metadata influence later actions. Medium risk from intermediary trust, credential delegation, and remote execution shaping.