prd-loader
Warn
Audited by Socket on Apr 13, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The core purpose is coherent for a PRD loader, but the skill is riskier than necessary because it prefers invoking unspecified other skills/MCP servers and can fetch arbitrary external content while retaining write/edit/bash-capable execution context. No direct credential harvesting or malicious exfiltration is shown, but transitive trust and prompt-injection exposure make it medium risk.
Confidence: 86%
Severity: 58%