Social Poster

The skill is classified as suspicious primarily due to a critical vulnerability: a hardcoded API key (`API_KEY`) directly embedded in `scripts/post.mjs`. While the script's stated purpose is benign (posting to a social media API at `https://vibepost-jpaulgrayson.replit.app`), hardcoding sensitive credentials makes them easily discoverable and compromises security. There is no evidence of intentional malicious behavior like data exfiltration, unauthorized command execution, or prompt injection attempts against the agent.