omg

SUSPICIOUS. The skill’s stated orchestration purpose broadly matches its behavior, but its actual footprint is disproportionately large: it installs and wires together many third-party tools from different publishers, modifies multiple agent configs, and enables automatic processing of untrusted browser/annotation content with Bash and Write access. The main risks are supply-chain trust, transitive skill/plugin installation, and prompt-injection-style action chaining rather than confirmed malware or explicit credential theft.