skill-finder

SUSPICIOUS: the stated purpose is coherent, but this skill materially increases risk by instructing the agent to discover, fetch, and temporarily install third-party skills from outside the curated catalog. Its safeguards (catalog pre-check, sandbox eval, mandatory pinning) reduce but do not remove the transitive-install, supply-chain, and prompt-injection risks inherent to evaluating untrusted skills.