strada

SUSPICIOUS. The skill’s functionality is mostly coherent for an observability platform, but its core dependency footprint is not publicly verifiable: the `strada` CLI and `@strada.sh/sdk` cannot be tied to an official open-source observability publisher from the evidence, while the public Strada domain appears to belong to a different product. Because the skill requires an unverifiable external CLI and has it handle org-wide ingest tokens, the security risk is high even without direct evidence of malicious exfiltration.