climate-generator

Warn

Audited by Socket on Apr 17, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill is broadly coherent with its stated purpose, but it materially expands an agent's footprint by turning remote OpenAPI input into generated code/binaries and enabling GitHub publication with tokens. The main concerns are untrusted-spec-to-code generation, credential forwarding to an external CLI, and real-world publishing actions; there is no clear evidence of credential harvesting or deceptive exfiltration.

Confidence: 81%
Severity: 57%
Audit Metadata

Analyzed At: Apr 17, 2026, 12:45 PM
Package URL: pkg:socket/skills-sh/disk0Dancer%2Fclimate%2Fclimate-generator%2F@e80c7057ad0150c4ab224563e04c98ec5c1bca66
Security Audit — socket — climate-generator