compiling-architecture

SUSPICIOUS. The skill’s behavior largely matches its stated purpose of compiling architecture artifacts, and there is no evidence of credential theft or exfiltration. However, the core compiler repo and its local scripts are not provenance-verified in the skill text, and pip installs from requirements.txt lack stated integrity controls, creating a meaningful supply-chain risk.