sysdig-posture
Warn
Audited by Socket on May 12, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill’s capabilities largely match its stated Terraform/Posture-authoring purpose and its credential handling is proportionate, but it introduces medium supply-chain risk by directing installation of an external MCP server through an unpinned `npx` path that does not match the indexed official install methods for the Sysdig-owned project. No clear malicious behavior or credential exfiltration is present in the skill itself.
Confidence: 89%
Severity: 56%
Audit Metadata