update-acumen

SUSPICIOUS: the skill’s stated purpose matches its behavior, but that behavior is inherently risky because it installs/syncs unpinned third-party skills from a mutable GitHub repo into active agent skill directories. This is mainly a transitive trust and supply-chain risk, not confirmed malware.