skillbox-quickstart

SUSPICIOUS: the skill's purpose and capabilities are mostly coherent for onboarding and provisioning a skillbox, but it carries meaningful security risk from broad local environment scanning, real infrastructure creation, repo syncing, and a same-org yet unpinned raw GitHub curl|bash installer. No clear evidence of malicious credential harvesting or off-purpose exfiltration was shown.