research

SUSPICIOUS. The skill's purpose broadly matches its capabilities, and there is no direct evidence of credential theft or malicious payload delivery. However, it combines untrusted external-content ingestion with Write/Bash access and delegates to multiple unreviewed sub-skills/modules, making the overall risk medium and driven mainly by indirect prompt-injection and transitive trust.