chezmoi-management

SUSPICIOUS: the skill’s core purpose is coherent for personal dotfile management, but it also triggers automatic installation of additional Claude skills from external repos via APM. That transitive install behavior and broad writes into ~/.claude and shell/config files make it higher risk than a plain chezmoi guide, though there is no clear evidence of credential theft or malicious exfiltration.