provenance

SUSPICIOUS: the core purpose is legitimate and mostly aligned, but the skill expands its trust boundary by invoking third-party CLIs (`ao`, `cass`) to inspect session history, with `cass` introducing notable supply-chain risk and transcript-processing injection exposure. No direct credential harvesting or explicit exfiltration is shown, so this is not confirmed malware, but it is a medium-high risk skill footprint for its stated task.