skill-forge

SUSPICIOUS: the skill's stated purpose matches a meta-skill that researches and writes new skills, but its footprint is broad and risky for that role. The main concern is indirect prompt injection and persistent propagation of untrusted external content into future auto-loaded skills, plus transitive trust in subagents/other skills. No direct credential harvesting, malicious exfiltration, or unverified binary installer was found.