tapd-bug-analyzer

SUSPICIOUS. The skill’s overall purpose is coherent, but it introduces moderate security risk through credential forwarding to a not-clearly-first-party MCP server, dependence on another unreviewed local skill, and execution paths influenced by untrusted bug content. No clear malicious intent or overt exfiltration is shown, but the trust and data-flow boundaries are broader than ideal for a bug analysis helper.