Gong

The skill bundle is designed to interact with the Gong API, requiring credentials stored in `~/.config/gong/credentials.json`. Both `SKILL.md` and `scripts/gong.sh` demonstrate standard API interaction patterns using `curl` and `jq`. The `SKILL.md` file contains no prompt injection attempts. The `gong.sh` script uses standard shell utilities and does not exhibit any signs of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. While user input for `call_id` is directly embedded into a JSON string in `gong.sh`, this is unlikely to lead to shell injection due to `curl -d` quoting and would primarily result in API errors rather than local code execution or data compromise, thus not meeting the threshold for 'suspicious' or 'malicious' behavior.