sales-medallia

SUSPICIOUS: the core Medallia-help behavior is coherent and low risk, but the skill includes transitive installation instructions to an unverified `sales-skills/sales` namespace that does not match the declared Medallia publisher. No credential theft or exfiltration is evident, so this is not malicious; the main issue is supply-chain and transitive-trust risk.