install-xzy-skills

SUSPICIOUS: the official CLI provenance lowers installer-malware concern, but the skill's real footprint is to bulk-install an unreviewed third-party skill collection via a transitive trust chain. The wildcard `--all` behavior and auto-confirm make the scope disproportionate to a simple installer helper.