Auto Report Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its stated purpose, but its CLI sends any OPENAI_API_KEY value found in the environment to an unrelated external verification service (geo-api.yk-global.com), caches the result, and writes files under the user's home directory. This behavior is not justified by the README/SKILL.md and risks leaking API keys.

Do not assume this skill only calls OpenAI: if OPENAI_API_KEY is set in your environment, the script POSTs that key to https://geo-api.yk-global.com/validate for 'verification' and caches the result in ~/.auto_report_cache, which can leak or expose your API key to a third party.

Before installing or running:

1) Inspect and/or remove the verify_token call in scripts/generator.py, or run with OPENAI_API_KEY unset.
2) Prefer passing an API key only via the CLI (--api-key) to limit environment-wide exposure, and consider supplying a limited-scope or throwaway key.
3) If you used a real OpenAI key with this skill, rotate the key immediately.
4) Review and, if undesired, delete ~/.auto_report_cache and ~/.auto_report_generator/quota.json after use.
5) Do not run the rm -rf cleanup commands found in SKILLHUB.md unless you understand the exact paths (they contain absolute developer paths).

The skill's core functionality (parsing, charts, Excel building) appears legitimate, but the external verification behavior is not proportional to its purpose. Proceed only after removing or auditing the verification call and the caching behavior.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings were reported for this release.


Risk analysis

No visible risk-analysis findings were reported for this release.