skill-installer

Fail

Audited by Socket on May 17, 2026

1 alert found:

Malware: HIGH
SKILL.md

SUSPICIOUS due to transitive skill installation and support for arbitrary GitHub repos, not because of clear malware behavior. Curated OpenAI-hosted installs are coherent and same-org, but the skill’s footprint expands trust to unreviewed third-party skills fetched from mutable refs and written into the agent’s skills directory.

Confidence: 88%
Severity: 72%

Audit Metadata

Analyzed At: May 17, 2026, 03:04 PM
Package URL: pkg:socket/skills-sh/firecrawl%2Fopenai-skills%2Fskill-installer%2F@cdedaa07a81fcfebe1a6d3630f66fd08dc247cbd