capa-officer

SUSPICIOUS. The main concern is provenance and transitive trust: the skill could not be directly reviewed, appears under inconsistent publishers, and is installed from remote GitHub sources through skill-loading CLIs. There is no confirmed malicious behavior, but the unreviewed remote installation path and publisher inconsistency make this a medium/high supply-chain risk.