agent-toolkit-setup

SUSPICIOUS. The skill’s stated purpose matches its basic API and .env behavior, but it forwards credentials to an unconstrained, not publicly verified base URL and then loads remote skill instructions into agent context. That combination is coherent with a registry client, yet the trust boundary is too weak to treat as benign.