context-surfing

SUSPICIOUS. The core behavior is coherent for a context-management skill and data flow stays local, but the install model creates transitive trust in a personal third-party skill repo, and the hook/CLI integrations add medium supply-chain and prompt-injection exposure. No clear credential harvesting, exfiltration, or malicious intent is present.