genkit

Overall, the skill is purpose-aligned and provides substantial functionality for building and deploying AI workflows. However, the installation path includes a high-risk download-and-execute pattern from an unverifiable remote source, which in combination with credential usage and cloud deployment capabilities makes the footprint suspicious. The core capabilities themselves are coherent with the described purpose, but the bootstrap process and potential broad access during deployment create significant security concerns that would require mitigations (e.g., pinning/install verification, clearly documented trusted sources, and per-project credential scoping). Given the mix of legitimate capabilities and notable risk vectors, classify as SUSPICIOUS with elevated security considerations until the download/install trust chain is replaced with verifiable, signed, or registry-based distribution.