schema-markup

SUSPICIOUS: the install path uses the official Skills CLI, but it loads a third-party GitHub-hosted skill, creating a meaningful transitive trust and supply-chain risk. Based on the limited evidence, there is no clear sign of credential theft or malicious exfiltration, but the remote skill should be reviewed before use.