octocode-search-skill

SUSPICIOUS. The skill is largely coherent with its stated purpose and includes meaningful approval gates, but it processes untrusted external skill content and supports transitive installation of third-party skills into agent environments. Main risk is indirect prompt injection and trust extension through marketplace/GitHub skill installs, not confirmed malware or credential theft.