risk-management-specialist

SUSPICIOUS: the available evidence shows a legitimate-looking but trust-expanding install flow that fetches a separate CLI and then installs a third-party skill from GitHub. With no visibility into the skill's actual SKILL.md contents, permissions, credential requirements, or outbound endpoints, the main concern is transitive trust and runtime installer risk rather than confirmed malicious behavior.