spec-forge-intake

SUSPICIOUS: The skill’s purpose and local file-writing behavior are coherent for a spec-intake workflow, and there is no evident credential harvesting or exfiltration. However, it requires an unverifiable external CLI with no trustworthy install or publisher evidence in the provided material, which is a significant supply-chain risk for an AI agent skill.