docmost

This manifest entry is high-risk and likely malicious in intent: it grants an automated ability to add a git remote and push local repository contents to an external GitHub repository. If honored by tooling in CI or developer environments with available credentials, it enables immediate exfiltration of source code, history, and potentially embedded secrets. Treat as potentially malicious, block execution, remove the permission, audit environments for execution attempts, and investigate the target repository and any exposed credentials.

SUSPICIOUS: the skill’s capabilities broadly match Docmost administration, but its trust model is weaker than ideal. Main concerns are transitive skill installation, GitHub-based CLI installation from a mutable source, auto-install/retry behavior, and forwarding Docmost credentials to that CLI. Data flows are otherwise proportionate to the stated purpose, so this looks more like a medium-risk agent integration than confirmed malicious content.