onboardingV2

SUSPICIOUS: the core LaunchDarkly onboarding behavior is coherent, and data flow appears aimed at official LaunchDarkly usage, but the skill's main risk is transitive installation of additional remote skills via `npx skills add`. That expands trust beyond the declared skill and grants companion skills broad code-editing and execution ability. No clear credential theft or malicious exfiltration is evident, so this is better classified as medium/high security risk rather than malware.