cli-anything-dify-workflow

SUSPICIOUS: the stated purpose is coherent with local workflow-file manipulation, but install trust is weaker than expected because the skill requires direct GitHub installs, including a mutable branch from an unrelated third-party repo. No evidence of credential harvesting or exfiltration is present, so this looks like a supply-chain risk and trust issue rather than malicious behavior.