handover

SUSPICIOUS: the skill’s core documentation purpose is plausible and mostly aligned with AEM project analysis, and its network calls go to Adobe-owned endpoints rather than an unrelated proxy. However, it broadens risk by installing/running Playwright, extracting an auth cookie from browser storage, persisting that token locally, and delegating to multiple sub-skills/agents with broad permissions. This looks more like a high-trust orchestration skill than malware, but its credential handling and transitive execution make it medium risk.