skill-marketplace

SUSPICIOUS. The skill's stated purpose is marketplace discovery, but its actual footprint is to autonomously import and execute third-party skills from an unofficial aggregator, creating a high-risk transitive trust chain. The main issue is not direct malware in this file, but unsafe supply-chain expansion, prompt-injection exposure, and execution of unvetted remote instructions.