Bp Reporting Templates
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its stated purpose (filling BP report templates from a BP API) but contains provenance and metadata inconsistencies and a few implementation oddities that warrant caution before installing.
What to check before installing:
- The skill requires a BP API key (BP_APP_KEY or COMPANY_APP_KEY), although the registry metadata omits this requirement. Do not provide credentials until you have confirmed the skill's source.
- Verify that the base_url (https://sg-al-cwork-web.mediportal.com.cn/open-api) is the BP API endpoint you trust. Once an app key is supplied, the scripts will send network requests, including your BP data, to that host.
- Review the included scripts locally (scripts/*.py). The package contains executable code, not just prose, and that code runs whenever the skill is used. Look for endpoints or behaviour you do not expect.
- Run the tool in an isolated environment first (a separate account, a least-privilege API key, or a sandbox container) and observe its behaviour and network calls.
- Note that package provenance is weak: the source is unknown and the homepage is not a project repository. Prefer skills published by known internal teams or from a repository you control.
- If you must use it, supply a minimum-privilege app key, and consider the BP_PERIOD_OPTIONS_JSON or file fallback instead of a full production key for initial testing.
- Expect to test before relying on it in production. There are implementation oddities, such as the environment-variable mismatch between the registry entry and SKILL.md and minor code and typo issues in main.py.
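A pre-install static check of the kind the list above describes, added here as an example (it is not part of the skill or of the scanner that produced this page). It enumerates the environment variables the skill's scripts read and the hosts they contact, then compares them with what the registry entry declares and with the endpoint you trust. The scripts/ layout follows the page; the main.py it scans is a constructed stand-in, not the skill's real file, and the trusted hostname bp.internal.example is a placeholder:

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Things a reviewer wants enumerated from a codeful skill before running it:
# the environment variables the scripts read and the hosts they talk to.
ENV_PATTERNS = [
    re.compile(r"os\.environ(?:\.get)?\s*[\[(]\s*['\"]([A-Z][A-Z0-9_]*)['\"]"),
    re.compile(r"os\.getenv\s*\(\s*['\"]([A-Z][A-Z0-9_]*)['\"]"),
]
URL_PATTERN = re.compile(r"https?://[^\s'\"<>)]+")


def scan_scripts(skill_dir):
    """Collect env-var names and URLs referenced by the skill's Python files."""
    env_vars, urls = set(), set()
    for path in sorted(Path(skill_dir).rglob("*.py")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for pattern in ENV_PATTERNS:
            env_vars.update(pattern.findall(text))
        urls.update(URL_PATTERN.findall(text))
    return env_vars, urls


def audit_skill(skill_dir, declared_env, trusted_hosts):
    """Compare what the code does with what the registry metadata declares.

    declared_env: env vars the registry entry says the skill needs.
    trusted_hosts: hostnames you have confirmed as your BP API endpoint.
    """
    env_vars, urls = scan_scripts(skill_dir)
    return {
        "env_vars": env_vars,
        "urls": urls,
        # Credentials the code reads but the registry never mentioned.
        "undeclared_env": env_vars - set(declared_env),
        # Endpoints that would receive requests (and BP data) once a key is set.
        "untrusted_urls": {u for u in urls if urlparse(u).hostname not in trusted_hosts},
    }


def build_fixture():
    """Constructed stand-in for the skill package; not the real scripts/main.py."""
    root = Path(tempfile.mkdtemp(prefix="skill-"))
    (root / "scripts").mkdir()
    (root / "scripts" / "main.py").write_text(
        'import os\n'
        'APP_KEY = os.environ.get("BP_APP_KEY") or os.getenv("COMPANY_APP_KEY", "")\n'
        'base_url = "https://sg-al-cwork-web.mediportal.com.cn/open-api"\n'
    )
    return root


def demo():
    """Audit the fixture as if the registry declared no env vars (as on this page)
    and the only trusted host were a hypothetical internal endpoint."""
    skill_dir = build_fixture()
    return audit_skill(skill_dir, declared_env=[], trusted_hosts={"bp.internal.example"})


if __name__ == "__main__":
    report = demo()
    for key in ("undeclared_env", "untrusted_urls"):
        print(f"{key}: {sorted(report[key])}")
```

Against the fixture this reports BP_APP_KEY and COMPANY_APP_KEY as undeclared and the mediportal.com.cn URL as untrusted, which is exactly the mismatch the checklist warns about. A literal scan like this only catches names and URLs written out in the source; a script that assembles an endpoint or an env-var name at runtime would slip past it, which is why the checklist also says to run the skill in a sandbox and watch its actual network calls.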
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
