competitive-ads-extractor

SUSPICIOUS: the visible wrapper is narrowly scoped and not overtly malicious, but it instructs the agent to install an upstream skill bundle from an unpinned GitHub path. That transitive installation step is the main risk; absent the upstream bundle contents here, the trust chain is broader than necessary for a simple catalogue entry.