extract

SUSPICIOUS. The core behavior is mostly aligned with the stated purpose of turning local patterns into reusable skills, and there is no direct credential harvesting or remote payload execution. However, the skill relies on an unverified delegated agent and references transitive install/publish commands without clear provenance, so the trust boundary extends beyond what is documented.