github-codebase-search

SUSPICIOUS: The skill's purpose broadly matches its capability, and the only declared credential is proportionate. However, instructing the agent not to inspect the script, combined with unverifiable script behavior and third-party API dependence, creates medium security risk. No strong evidence of malware or credential theft beyond expected Morph API use.