Marktplaats
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The skill is classified as suspicious due to the `getListingDetails` function in `src/api.js`. This function accepts a `urlOrPath` parameter and will fetch any `http` or `https` URL if the input starts with either protocol. While intended for Marktplaats listing details, this broad network access could be exploited for Server-Side Request Forgery (SSRF) to probe internal networks or access unauthorized external resources if an attacker can control the input (e.g., via prompt injection against the agent or crafted CLI arguments). There is no explicit malicious intent like data exfiltration or remote code execution, but the capability to make arbitrary outbound requests is a significant risk.
