process-dedup-review

SUSPICIOUS. The skill’s purpose and data handling are mostly coherent for a process dedup review workflow, and its remote enrichment uses same-ecosystem TianGong credentials. However, the core functionality delegates to an external tiangong CLI whose official provenance and install path were not verified from the available evidence, yet that CLI receives API credentials and performs network calls. That supply-chain trust gap is the main driver of risk, not confirmed malicious behavior.