interrogate-me

SUSPICIOUS. The skill’s behavior is broadly consistent with its stated purpose: interrogate the user, inspect the codebase, and update local docs. The main concern is install trust, not in-skill behavior: it is installed via transitive `npx skills add` from a personal GitHub repo with weak provenance and no clear signed release trail. No credential harvesting, hidden network exfiltration, or disproportionate permissions are evident from the skill content itself.