zai-orchestrator

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and there is no clear credential harvesting or exfiltration path. The main concern is transitive installation of multiple dependent skills from a third-party repo plus prompt-injection exposure from untrusted web/repo content under broad tool scopes.