build-skill

SUSPICIOUS: the core behavior matches a skill-building assistant, but it introduces avoidable transitive trust by invoking a third-party skill and then persisting synthesized instructions into the user's skill directory. No direct credential theft, exfiltration, or malware behavior is visible, so this is better classified as medium security risk from transitive instruction supply chain rather than confirmed maliciousness.