typeui-cli

SUSPICIOUS. The stated purpose is coherent, but the skill's main behavior is to execute an external CLI and pull remote markdown into agent skill locations, creating transitive-trust and indirect prompt-injection risk. No clear credential theft or exfiltration is present, so this is not confirmed malware, but it carries meaningful supply-chain risk.