markmap-viz

SUSPICIOUS. The stated purpose is coherent with the rendering capabilities, and there is no clear exfiltration or credential-harvesting behavior. The main risk is install/execution trust: the skill relies on an unspecified MARKMAP_MCP_SCRIPT and MCP wrapper with unverifiable provenance from the skill text, so the executed component cannot be confidently tied to an official same-org source.