Billionverify Skill
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill is suspicious because it exposes high-risk capabilities through the `Bash` tool, and these can be exploited through prompt injection. Specifically, the `SKILL.md` defines `curl` commands that allow the AI agent to upload arbitrary local files (e.g., `file=@/path/to/emails.csv`), download files to arbitrary local paths (e.g., `-o results.csv`), and create webhooks pointing to arbitrary URLs (e.g., `"url": "https://your-app.com/webhooks/billionverify"`). These are legitimate functions of the BillionVerify API, but exposing them to an AI agent that processes user input creates significant vulnerabilities: data exfiltration, arbitrary file writes, or Server-Side Request Forgery (SSRF) if the agent is maliciously prompted.
