cartography

SUSPICIOUS: The skill’s purpose and local file accesses are coherent for repository mapping, and no credential or network exfiltration is described. The main issue is execution trust: it depends on an undocumented custom helper at ~/.config/opencode/skills/cartography/scripts/cartographer.py whose provenance cannot be verified from the skill, so the install/execution footprint is higher-risk than the stated task requires.