github-code-search

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it expands trust to a third-party MCP service and mixes untrusted external content retrieval with local code execution guidance. Main concerns are transitive trust and indirect prompt-injection risk, not confirmed malware or credential theft.