sdd-explore

SUSPICIOUS: the core exploration behavior is benign and well-aligned, but the skill also promotes installation and execution of an unrelated third-party CLI from a personal project without pinning or verification. No credential harvesting or obvious exfiltration appears in the skill text, so this is not malicious, but the added supply-chain footprint is broader than necessary for a thinking/requirements skill.