core-dynamic-skills

SUSPICIOUS: The core inline behavior is mostly coherent with the stated purpose and uses legitimate sources, so this is not malicious on its face. Risk is driven by transitive trust in undocumented companion commands/MCP infrastructure, untrusted docs content being transformed into local skill files, and destructive cleanup operations; overall medium security risk, low malware confidence.