opengis-skills
Advisory
Audited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent runs this command, it can modify the target server by executing whatever the remote install script contains.
The documentation includes a visible one-line remote install script. It is a manual setup example for the documented mail platform, not code automatically run by the skill, but it would execute remote code if copied.
curl -sSL https://www.billionmail.com/install.sh | bash
Only run such setup commands on intended test or server environments after inspecting the script or using a pinned, trusted release path.
If followed blindly, an agent could run local scripts or GIS processing jobs that read or write user data.
The QGIS command reference documents running Processing models or Python scripts. This is expected for a QGIS automation skill, but arbitrary script execution should remain user-approved and scoped.
qgis_process run /path/to/my_script.py -- INPUT=data.shp OUTPUT=result.shp
Approve the exact input files, output paths, plugins, and scripts before allowing an agent to run qgis_process commands.
If a real token is supplied, an agent could perform actions allowed by that token, such as sending email through the configured service.
The documentation includes placeholder API-token usage for a mail-sending API. This is purpose-aligned integration guidance and there is no evidence the skill collects or stores tokens.
-H 'Authorization: Bearer <API_TOKEN>'
Use least-privilege tokens, avoid pasting secrets unless necessary, and require explicit approval before actions that send email or change account/server state.
An agent using these examples could help create or trigger email campaigns if given access to a real server and token.
The BillionMail skill documents bulk/transactional email sending and API calls. This matches the described mail-platform purpose, but public communications are high-impact if automated without review.
"批量营销发送" ("bulk marketing sending") ... "curl -X POST https://your-server/api/v1/mail/send"
Require user confirmation for recipient lists, message content, sending limits, and compliance settings before allowing any mail-sending action.
