curator-repo-learn

SUSPICIOUS: the skill’s core purpose is coherent, and its external network use is limited to normal GitHub cloning, but it analyzes arbitrary untrusted repositories while holding Bash, Write, and Task permissions. That makes indirect prompt injection and unpinned external content the main risks; there is no clear evidence of credential theft, third-party proxying, or malicious install behavior in the provided text.