comet-open

SUSPICIOUS: the stated workflow purpose is plausible, but the skill’s real footprint includes mandatory transitive skill loading, sourcing of a discovered local shell script, and autonomous progression to the next phase. The main risk is trust expansion and unreviewed code execution rather than confirmed malware or direct exfiltration.