github-sandbox-file-downloader

SUSPICIOUS: the skill’s main behavior matches its description, but it asks users to trust and fork a third-party repo unrelated to the named publisher, enable write-capable GitHub Actions, and ingest arbitrary remote files into the repository. This looks more like a risky automation pattern than confirmed malware.