jpmorgan-banker

SUSPICIOUS: the core content is a benign finance persona, but the install pattern is not fully trustworthy because it instructs agents to load a remote skill from an unverifiable domain and to persist that instruction across agent configs. No credential harvesting, exfiltration, exploit logic, or binary execution is present, so this is better classified as medium security risk from transitive remote-skill installation rather than malware.