spec-kitty-dashboard

SUSPICIOUS: the stated purpose is a workflow wrapper, but its real functionality is delegated to an unverifiable external CLI/plugin with no provenance or install trust evidence. The skill also instructs the agent to trust that opaque output over local context, which is disproportionate and creates a high supply-chain and transitive-trust risk even without clear evidence of credential theft.