Evolution Api Go - Evo Go

The skill bundle is classified as suspicious due to its extensive use of `curl` commands to interact with a user-defined external API (`EVOGO_API_URL`), handling of sensitive API keys (`EVOGO_GLOBAL_KEY`, `EVOGO_API_KEY`) in HTTP headers, and the explicit capability to read local files (e.g., `file=@/path/to/file.jpg`) and upload them to the configured API endpoint. While these capabilities are plausibly needed for its stated purpose of WhatsApp automation, they represent significant high-risk behaviors that could be leveraged for data exfiltration if the `EVOGO_API_URL` is malicious or if the agent is prompted to upload sensitive local files, even though there is no clear evidence of intentional malicious behavior from the skill developer itself. All indicators are found in `SKILL.md`.