skill-search

SUSPICIOUS: the stated purpose matches search-and-install behavior, but the footprint is high risk because it acts as a transitive skill installer. It pulls unpinned community skills from many third-party repos and persists them into active skill directories without strong provenance checks, enabling supply-chain compromise and prompt-injection-through-content risks.