skillsman-manage

SUSPICIOUS: The stated purpose matches the behavior, but the skill is a lifecycle wrapper for installing other agent skills, so its main footprint is transitive trust in `npx skills` and whatever third-party skill sources that tool fetches. Official same-org documentation lowers maliciousness concerns, but the transitive installation model and broad downstream provenance make this a medium-high security risk rather than benign.