global-intel-summary

Key things to consider before installing: - Mismatch between promise and implementation: The SKILL.md promises comprehensive RSS aggregation, alerting, and Binance-first crypto verification, but the only code provided (get_market_data.py) only queries CoinGecko and two Yahoo Finance endpoints and contains no RSS parsing or alert logic. Ask the author for the missing components or an explanation of how RSS aggregation and Binance verification will be performed. - Network access: The instructions expect the agent to perform broad web searches and fetch many external feeds. If you allow this skill to run, it may retrieve content from many third-party sites. Run it in a sandbox or with network controls if you want to limit exposure. - Credentials and rate limits: SKILL.md names services (Binance, CoinMarketCap, some government feeds) that sometimes require API keys or have rate limits. The package requests no credentials—clarify whether API keys are needed and why they are not declared. - Functional testing: Before relying on outputs for decision-making, test the skill in a safe environment to verify that it actually collects from the claimed sources, respects the 24-hour freshness rule, and correctly flags ALERT keywords. Ask for unit tests or logs demonstrating RSS fetches and alert detection. - Source and provenance: The skill's homepage and source are unknown. Request the upstream repository or provenance information (license, authorship, links to the referenced 'situation-monitor' repo) to increase trust. What would change this assessment: if the author provides the missing code that implements RSS ingestion, alerting, and Binance/CMC access (or documents why those sources are only optional), or if the skill were trimmed to match the actual implemented scope (market data only), the assessment would move toward 'benign'. Conversely, discovery of hidden endpoints, undeclared credential usage, or code that exfiltrates data would elevate the concern.