secrets

SUSPICIOUS. The skill’s stated purpose broadly matches secret management, but its actual footprint relies on an unverifiable `secrets` CLI and forwards credentials into unnamed CLI/MCP processes. Missing install provenance and opaque downstream executables make the trust and data-flow model disproportionate for a security-sensitive skill.