self-improver

SUSPICIOUS: the core purpose is plausible, but the footprint is too powerful for a meta-skill. It can ingest untrusted skill instructions, run commands, mutate local skill files, install packages, and pull/reset from a third-party personal GitHub repo with author/source mismatch. Main concerns are supply-chain trust, autonomous modification, and indirect prompt injection rather than confirmed malware.