Gousto Meal Picker

The skill's requirements and behavior align with its stated purpose (automating Gousto meal selection via the Gousto API using browser-based auth); nothing looks disproportionate or surreptitious.

This skill appears to do what it says, but take these practical precautions before using it: 1) Verify and install agent-browser from a trusted source — it will hold your session cookies. 2) Put gousto-auth.json and config.json where the script expects them (or edit the script to point to your workspace); the README and script paths differ. 3) Treat gousto-auth.json as sensitive (chmod 600) and store it only on machines you control. 4) Run with --dry-run first to confirm selections and inspect network activity if you can. 5) Schedule cron jobs conservatively (don't enable automatic ordering until tested). 6) If you ever suspect token compromise, re-login/revoke tokens via Gousto and remove saved state. 7) If you want extra assurance, review the full gousto-pick.mjs source (it uses execSync and shell commands) or run it in an isolated environment.