research

SUSPICIOUS. The skill’s core behavior mostly matches its stated research purpose, and there is no obvious credential harvesting or third-party download chain. The main concern is proportionality: a research skill with Bash, Write, optional WebSearch, and mandatory subagent dispatch can process untrusted content and then take actions, which creates moderate prompt-injection and autonomy risk even without clear malicious intent.