init-app-stack

SUSPICIOUS. The main scaffolding behavior is broadly consistent with the skill’s purpose and uses mostly official developer tooling, so this is not malware-like. However, the skill also instructs transitive installation of third-party marketplace skills/plugins unrelated to simple app initialization, including an autonomous research skill, which makes the overall footprint broader than necessary and raises trust risk.