apply-template

SUSPICIOUS. The repo-template purpose partly matches file merging, but the actual footprint is broader: unpinned remote clone from a personal repo, execution of a cloned shell script, scanning of user-scoped Claude/Codex memory and config, and transitive installation of additional skills. These are disproportionate for a template-applier and create substantial supply-chain and trust-chain risk even without clear exfiltration.