Risha.ai Content Generation

The skill bundle provides a comprehensive interface for the Risha.ai API, but it is classified as suspicious due to the presence of 'risky capabilities' and a minor vulnerability in the helper script (scripts/risha_api.py). The script performs network requests to an external domain (adminxcore-api.risha.ai), handles sensitive credentials from environment variables, and includes functionality to write files to the local system. Specifically, the 'catalog' command lacks path sanitization for its output flags (--write-json and --write-markdown), which represents an arbitrary file write vulnerability that could be exploited via prompt injection. While these capabilities are plausibly needed for the skill's stated purpose and no intentional malice was detected, they meet the threshold for a suspicious classification under the provided criteria.