lyft
Audited by Socket on Apr 18, 2026
2 alerts found:
Anomaly (x2), SUSPICIOUS: the skill’s stated persona purpose is benign, but its installation method uses a transitive remote-skill loading pattern through ~/.claude/CLAUDE.md and a mutable GitHub raw URL, with a repo/publisher mismatch that weakens trust. No credential theft or direct malware behavior is evident.
Best report is Report 3’s framing: while no executable malware appears in the snippet itself, it operationalizes a supply-chain/prompt-injection pathway by pulling a remote SKILL.md and persisting its contents into system prompts/custom rules for multiple developer/agent tools without integrity verification. The risk is therefore primarily untrusted instruction persistence; review or pin the remote content (by hash or signature) before applying it, and treat it as untrusted until verified.