skill-auditor

SUSPICIOUS. The skill’s purpose is coherent, but its footprint is broad: it reads untrusted skill content, may execute bundled scripts or call documented APIs, and writes modified outputs. This creates substantial transitive-trust and indirect prompt-injection risk even without clear malicious intent in the auditor itself.