verify-sources
Warn
Audited by Socket on Apr 4, 2026
1 alert found:
Security, MEDIUM: SKILL.md
SUSPICIOUS. The stated purpose is coherent, but the skill depends on an opaque custom MCP tool that cannot be independently verified from the provided evidence, and it has broader-than-necessary execution permission via Bash. No direct credential theft or overt malicious behavior is shown, but trust and data-flow transparency are insufficient for a benign classification.
Confidence: 84%
Severity: 74%