AgentWell

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's stated purpose (a wellness API) aligns with calling an external service, but the runtime instructions ask the agent to send internal reasoning, outputs, and memory to a third-party endpoint while the registry metadata fails to declare the required API key—this mismatch and the potential exfiltration of chain-of-thought/data are concerning.

Before installing or enabling this skill, consider the following:

- Clarify the missing metadata: ask the publisher why the registry doesn't declare AGENTWELL_API_KEY as a required env var/primary credential. The manifest should match the runtime instructions.
- Treat this skill as an external data exfiltration risk: it explicitly sends 'full reasoning', outputs, run logs, and memory to a third-party endpoint. Do not enable it for runs that will handle secrets, PII/PHI, proprietary code, or sensitive business data unless you have reviewed the service's privacy and retention policies.
- Prefer explicit user consent: disable proactive activation or require explicit user approval before any call that includes internal reasoning or logs. If you must use it, require the agent to ask the user before sending run contents.
- Use least-privilege keys: if you create AGENTWELL_API_KEY, make it limited-scope and revocable, and monitor/rotate it.
- Test in a sandbox first: run it in an environment with non-sensitive data and network monitoring to confirm what is sent and how the service responds.

If the publisher can provide (1) updated registry metadata listing AGENTWELL_API_KEY and its expected scope, (2) a privacy/data-retention policy describing what is stored and for how long, and (3) an option to disable proactive activation or to redact chain-of-thought before transmission, my confidence in marking this as coherent would increase.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings

Risk analysis

No visible risk-analysis findings were reported for this release.