octocode-search-skill

The skill is coherent with its stated purpose, but that purpose is inherently high-risk because it installs arbitrary third-party agent skills from GitHub. Main concern is transitive trust and indirect prompt injection from untrusted SKILL.md content, not overt malware or credential theft.