mega-code-skill-enhance

SUSPICIOUS. The skill’s core behavior matches its stated purpose, but it evaluates potentially untrusted skill prompts, reads local auth material, performs substantial file modifications, and can upload artifacts to an unspecified remote server. The main concern is prompt-injection and remote data-flow risk rather than confirmed malware.