Grafana Dashboard Scaffolder

SUSPICIOUS: the functional scope fits Grafana dashboard scaffolding, and the stated API usage is broadly coherent, but the distribution path is not aligned with the declared Grafana source. The main risk is transitive third-party skill installation via `npx skills add agentskillexchange/skills`, which introduces supply-chain trust issues and unclear publisher provenance rather than clear malware or exfiltration behavior.