agentic-skills

SUSPICIOUS: The skill’s stated purpose is coherent, and the install source is verifiably the same third-party publisher named in the metadata, so this is not overtly malicious. However, it instructs transitive skill/plugin installation from a mutable third-party GitHub repo and grants broad execution-capable tools, creating a meaningful supply-chain and agent-trust risk disproportionate to a documentation/workflow framework.