create-star-skill

SUSPICIOUS. The skill’s stated purpose is plausible, but the distribution model is weaker than expected: it asks users to trust and load an unpinned third-party GitHub skill directly from a personal repo into the agent workspace, outside the documented platform install flow. No confirmed credential theft or malicious exfiltration is shown in the provided text, but the install trust and transitive skill-loading risks are material.