onboardingV2

SUSPICIOUS. The core behavior matches LaunchDarkly onboarding, and most data flows point to official LaunchDarkly services and official SDK packages. Risk comes from transitive skill installation via `npx skills add`, especially the less-verifiable `launchdarkly/experimental-agent-skills`, plus automatic credential handling and silent file writes. This looks coherent with its purpose but carries medium supply-chain and delegated-execution risk.