oss-skill

SUSPICIOUS: the skill’s stated purpose is coherent, but it mixes broad untrusted-content ingestion with file creation and helper-script execution, creating meaningful indirect prompt-injection risk. No clear credential harvesting or malicious exfiltration is present, so this looks like a high-risk research/automation skill rather than confirmed malware.