survey-generator

SUSPICIOUS: the core survey-writing behavior is coherent, but the skill mixes arbitrary WebFetch input with Write+Bash and forwards prompts/credentials to provider-selected endpoints, including third-party or custom gateways. Main risk is indirect prompt injection and credential/data routing beyond official APIs, not confirmed malware.