engineering-advanced-skills

SUSPICIOUS: the index file is coherent as an engineering skill bundle, but it instructs transitive installation through an unrelated third-party CLI using unpinned `npx`, which materially raises supply-chain and trust-chain risk. No direct credential harvesting or exfiltration is visible in this excerpt, so this is not confirmed malware.