ai-music-generation

SUSPICIOUS. The skill’s core function matches AI music generation, but trust is weakened by a mutable raw-GitHub install reference, CLI naming inconsistency (`belt` vs current documented `infsh`), broad Bash permission, and explicit transitive skill-install instructions. Data flows are broadly proportionate to the stated purpose, so this is not confirmed malware, but it carries meaningful supply-chain and trust-chain risk.