skyll

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

The provided fragment is documentation for a skill-discovery service (Skyll) and contains no executable or obfuscated code and no hardcoded credentials. It is not itself malware. However, the documented design — fetching and injecting full SKILL.md content from a remote service into an agent's execution context — introduces a moderate to significant supply-chain/runtime risk: a malicious or compromised skill (or a compromised central API) could cause agents to exfiltrate secrets, call attacker endpoints, or execute dangerous commands. Use of this service should be accompanied by strong mitigations (signing/provenance, sandboxing, capability whitelists, human review).

Confidence: 75%
Severity: 55%

Audit Metadata

Analyzed At: Feb 16, 2026, 01:37 AM
Package URL: pkg:socket/skills-sh/assafelovic%2Fskyll%2Fskyll%2F@66bae939f5878a45514d36e2d13816425b8dfef2