codebase-exploration
Warn
Audited by Socket on May 16, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the core behavior is consistent with codebase onboarding, but the skill asks the agent to install another third-party skill via `npx skills add`, creating transitive trust, and it combines untrusted repository ingestion with execute/edit capabilities. No direct credential theft or exfiltration is shown, so this is better classified as medium-risk vulnerable rather than malicious.
Confidence: 84%
Severity: 56%
Audit Metadata