logo-design-guide

SUSPICIOUS. The skill's stated purpose is benign and the model calls fit logo generation, but the install and trust story is not fully coherent: it recommends `npx skills add belt-sh/cli` instead of the vendor's documented belt install paths, links to mutable raw GitHub install docs, and asks the agent to install additional skills. The main risk is supply-chain and transitive trust expansion rather than confirmed malicious behavior.