This skill's purpose (analyzing your AWS costs) would normally require read access to AWS APIs or exported billing data, but the SKILL.md provides no mechanism for that. Before installing or using it: (1) Ask the publisher how the skill obtains AWS data — does it use AWS credentials, a role, or do you upload exported reports? (2) Never paste root or long-lived high-privilege keys into chat; if you must provide credentials, use a least-privilege, read-only IAM user or an ephemeral STS token limited to Cost Explorer and resource-listing permissions. (3) Prefer running the analysis yourself (AWS Cost Explorer, Trusted Advisor, AWS CLI) in a sandbox account and only share sanitized outputs. (4) Request concrete runtime instructions or code showing exactly which APIs/endpoints will be called and where data will be sent; without that, treat the skill as untrusted. If the author updates the skill to declare required env vars/credentials and shows exactly how AWS access is performed (and keeps everything read-only and local), reassess — that would move this toward benign. For now, the mismatch between what it says it does and what it actually requests is a red flag.