gsap-core

Suspicious rather than malicious. The local skill is minimal and not directly harmful, but it mainly serves as a pointer to install another skill from an unavailable upstream source, so the true capability and trust boundary cannot be validated.