update-packages
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s core purpose aligns with its package-update capabilities, and it does not request disproportionate credentials or route data to off-platform endpoints. Risk comes from local script execution, dependency supply-chain exposure, and especially the hidden transitive skill-update step driven by skills-lock.json, which broadens trust without showing the underlying sources.
Confidence: 82%
Severity: 58%