cti-domain-research

The skill is mostly aligned with its stated CTI research purpose, but it carries medium risk because it combines untrusted web research with Bash access and optionally forwards data into a separate unreviewed NotebookLM connector plugin. Nothing here confirms malware, but the transitive plugin trust and prompt-injection exposure make it suspicious rather than fully benign.