visualize

SUSPICIOUS: the core visualization behavior is coherent and mostly benign, but the skill includes a silent remote version check and a transitive update path through an external CLI/registry. Its handling of third-party repo/blog content plus file-write/browser-open capabilities creates moderate prompt-injection risk, though there is no strong evidence of credential theft or exfiltration.