context-hub

SUSPICIOUS: the stated purpose is coherent, but the skill expands trust to an external CLI and remote content, then instructs the agent to treat that content as authoritative. The biggest issue is indirect prompt-injection/transitive trust, plus default outbound feedback posting; there is no clear evidence of credential theft or malware.