tiangolo-library-skills

SUSPICIOUS: the stated purpose matches the behavior, but the skill materially expands agent trust by loading third-party library skills from dependencies and a registry into active skill directories. Main concerns are transitive skill installation and indirect prompt injection, not overt credential theft or malware.