idea-discovery

SUSPICIOUS: the skill's research purpose is plausible, but its footprint is broader than necessary because it combines untrusted web ingestion, Bash execution, transitive sub-skill orchestration, silent actions, and automatic progression without explicit approval. No clear malware or credential-harvesting behavior is shown, but the autonomy and prompt-injection exposure make it a medium-high risk skill.