research-coordinator

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Installation of third-party script detected

This skill appears functionally coherent for coordinating research: it reads workflow SKILL.md files, decides on a workflow, dispatches subagents, and synthesizes results. It is NOT directly malicious (no obfuscated payloads, no hardcoded exfiltration endpoints). However, it grants broad privileges to spawned subagents (Bash, Read, Write, network-capable CLIs) and instructs forwarding local SKILL.md contents and the user's $ARGUMENTS. Those design choices create a realistic credential-exfiltration and arbitrary-command execution risk if a subagent, CLI, or underlying environment is compromised. I rate this as a medium security risk: acceptable for controlled/trusted environments but dangerous if used on untrusted hosts or with sensitive local data. Recommend tightening permissions: avoid forwarding entire local files, restrict shell access, and limit network endpoints and environment exposure.

LLM verification: No explicit malware or obfuscated backdoor was found in the SKILL.md fragment. The content appears functionally legitimate for a research-coordinator agent. However, the design grants broad, unnecessary privileges to spawned subagents (Bash + Read + Write) and directs installation of local CLI tooling via an editable pip install. These choices create a realistic supply-chain and data-exfiltration risk: subagents could read local files or environment variables (including API keys) and send them t

Confidence: 80%
Severity: 75%

Audit Metadata

Analyzed At: Feb 22, 2026, 04:59 AM

Package URL: pkg:socket/skills-sh/collaborative-deep-research%2Fagent-papers-cli%2Fresearch-coordinator%2F@e8421608f37f02392a1665f94bf3623a87b94e02