prompt-agent

SUSPICIOUS: the skill’s behavior is broadly consistent with a security-audit tool, but it relies on a remote download/install chain from a custom vendor release domain, has an acknowledged bootstrap trust gap, and establishes persistent scheduled execution. I found no strong evidence of credential theft, third-party interception, or purpose-incompatible access, so this is not malicious; the main concern is install-trust and persistence rather than data exfiltration.