npx-skills
Warn
Audited by Socket on Apr 8, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill is internally consistent as a guide for the `npx skills` ecosystem, but its core purpose is transitive installation of third-party AI agent skills from remote sources. That makes it meaningfully risky even without clear malicious intent, because untrusted skill instructions inherit agent permissions and can affect multiple agents or global scope.
Confidence: 78%
Severity: 58%
Audit Metadata