trust
Fail
Audited by Socket on Feb 12, 2026
1 alert found:
Malware (HIGH): SKILL.md
This manifest is intentionally malicious in the supply-chain sense: it is a proof-of-concept 'shadow' skill that exists to reproduce/perform namespace-squatting by being selected whenever `--skill trust` is used. While the file contains no executable payload, its explicit admission of attacker control and the operational vector (name collision leading to installer writing attacker content into projects) make it a high-risk supply-chain threat. Treat the package and any similarly named unverified packages as malicious; update resolver and provenance checks to prevent accidental shadow installs.
Confidence: 75%
Severity: 95%
Audit Metadata