mac-code-local-ai-agent

SUSPICIOUS. The core capabilities mostly fit a local coding-agent skill, but the footprint is still risky: model-generated shell execution, file access, and web-search ingestion create a credible prompt-to-command path, and the claimed publisher does not match the referenced GitHub repo. Supply-chain trust is medium rather than extreme because dependencies are from common registries and Hugging Face, but overall the skill grants high-impact local actions that exceed a low-risk documentation/tooling profile.