warehouse-init

SUSPICIOUS. The skill's core behavior broadly matches schema discovery, but it depends on a sibling local CLI with unverifiable data handling and reads home-directory warehouse config, creating moderate trust and credential-handling risk. No clear exfiltration endpoint or overtly malicious behavior is shown; the main concerns are opaque transitive execution and prompt-injection exposure from scanning untrusted repo content while writing files.