external-pattern-integrator

SUSPICIOUS: the skill’s purpose is coherent, but its footprint is high-risk because it imports untrusted external content and turns it into local file modifications, command execution, and git commits. No clear credential theft or exfiltration is present, and the `uv` tooling appears official, so this is not malware; the main concern is indirect prompt injection and overly autonomous repository changes.