ralph-init

SUSPICIOUS: the core local setup behavior is coherent, but the skill expands into enabling autonomous git/PR actions, suggests disabling sandbox protections for discovery, executes an unseen bootstrap script, and instructs transitive installation through a third-party skills CLI unrelated to Anthropic's native skill path. This is not confirmed malware, but its trust footprint is broader than a simple one-time project initializer.