cxas-agent-foundry

SUSPICIOUS. The skill’s capabilities mostly match its stated purpose, but its execution trust is incomplete: it depends on an unverifiable `cxas` CLI, a black-box setup script, and transitive sub-skill instructions that were not provided. No clear credential harvesting or exfiltration path is visible, so this does not rise to malicious, but the operational footprint and opaque tooling make it medium-to-high risk.