test-harness

SUSPICIOUS: the skill's purpose and capabilities mostly align, and Anthropic CLI installation is official, but it asks the agent to install and execute an unpinned unscoped `vigiles` package whose official publisher relationship was not established from the provided evidence. No clear credential theft or malicious exfiltration is present, but install-trust uncertainty and executable third-party test tooling raise medium risk.