pluginstaller
Warn
Audited by Socket on Mar 27, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill's purpose is coherent, but it imports arbitrary GitHub plugin content into a trusted Codex plugin path and can trigger loading of untrusted instructions/code. No credential theft, proxy routing, or overt malware is shown, but the combination of remote plugin intake, local persistence, and agent/plugin activation makes this a meaningful supply-chain and prompt-injection risk.
Confidence: 84%
Severity: 68%
Audit Metadata