epist

SUSPICIOUS. The skill's purpose is coherent, and most flows are proportionate for research/provenance work, but its core dependency is an unverifiable `epist` executable with no trustworthy install or publisher provenance. That alone makes the skill high security risk, even without evidence of explicit credential theft or exfiltration.