harness-setup
Warn
Audited by Socket on Jun 17, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the core setup behavior is mostly coherent and the Codex CLI install path is official, but the skill also instructs transitive installation/update of arbitrary Claude plugins by `owner/repo`, extending trust beyond the stated setup scope. No direct credential theft or exfiltration is evident, so this is better classified as elevated supply-chain risk than malware.
Confidence: 100%
Severity: 60%
Audit Metadata