code-engine-create

SUSPICIOUS. The skill’s purpose and API/data flows are broadly coherent for Domo Code Engine package creation, and its explicit no-release rule is a positive control. However, the core workflow prefers an external CLI whose official publisher relationship and release provenance were not verified; because that binary is central to execution, the supply-chain risk is disproportionate enough to classify the skill as suspicious rather than benign.