cursor-coding-agent

SUSPICIOUS: the skill is purpose-aligned as a Cursor delegation guide, but it materially expands execution trust by routing coding tasks to an external proprietary agent, often with `--trust` and optional background execution. No clear credential harvesting or covert exfiltration is present, so this is not confirmed malware; the main concern is high operational/supply-chain risk from delegating repo access and actions to a largely unverifiable external CLI.