curator

SUSPICIOUS. The skill’s overall purpose is coherent, and its network targets appear consistent with GitHub/local vault usage, but it grants a powerful agent broad read/write/exec capabilities to autonomously ingest untrusted repository content and persist learned outputs. Main risk is indirect prompt injection and over-broad autonomous execution, not confirmed malware or credential harvesting.