agent-job-secrets

SUSPICIOUS. The skill’s stated purpose matches its behavior, but that behavior is high-risk: it enables an AI agent to enumerate and retrieve secrets and refreshed OAuth tokens via an unspecified remote endpoint. No obvious malicious installer is present, yet the combination of credential access, remote retrieval, and unverified APP_URL makes this a sensitive skill that should be treated as medium-high security risk rather than benign.