community-signal-digest

SUSPICIOUS. The skill’s main behavior is coherent with community monitoring, and there is no strong sign of malware or credential theft. However, trust in key non-public tools like Tiger Den/Tiger Docs is not independently verifiable from the evidence, the skill processes untrusted external content with optional fetch/enrichment, and it auto-drafts public responses plus writes persistent records, which raises moderate operational and prompt-injection risk.