find-skill

SUSPICIOUS: the stated purpose matches discovery/install of skills, but the skill's core behavior is to expand the agent's capability set by installing additional skills, which is inherently high-trust. Combined with direct reading of local credential files and lack of integrity guidance for installed skills, this is a meaningful security risk even without clear evidence of malicious intent.