zotero-gpt-guide

SUSPICIOUS: the skill's core purpose is coherent, and the GitHub release install path is plausible for a Zotero plugin, but trust is weakened by limited release-verification evidence and especially by support for arbitrary custom API endpoints that can receive both research content and API keys. This is not confirmed malware, but it carries medium security risk due to credential/data routing flexibility and release provenance concerns.