kaggle

SUSPICIOUS: the skill is mostly coherent with a Kaggle integration and routes data to official Kaggle endpoints, but it has a broad action surface with real account side effects, untrusted-content processing plus Bash capability, and optional third-party skill-install channels that expand trust beyond Kaggle or the repo itself. No strong evidence of credential theft or covert exfiltration was shown.