project-analyzer

SUSPICIOUS: The stated purpose is coherent with repository reading and document generation, and there is no explicit credential harvesting or exfiltration. However, the skill requires an unspecified sub-skill and undocumented prompt files, creating a meaningful transitive trust and untrusted-content risk that is disproportionate to a fully reviewable documentation workflow.