secondme-skill

SUSPICIOUS: the skill’s stated purpose broadly matches its orchestration behavior and local-first framing, but core capability is delegated to unverified downstream skills and training toolchains. No direct credential harvesting or exfiltration is shown here, yet the transitive trust chain and medium supply-chain exposure make the overall footprint riskier than a purely local documentation/orchestration skill.