indexion-plan-docs

SUSPICIOUS: the documented purpose is coherent and data flow appears local, but the skill relies on an external `indexion` binary whose official ownership and release provenance were not verifiable from the evidence. No credential theft or exfiltration is shown, yet the unverifiable core dependency makes this a high supply-chain risk skill.