deepvista-recipe-export-knowledge-as-skills

SUSPICIOUS: The recipe’s core behavior is coherent and mostly local, but trust is weakened by unverified DeepVista CLI provenance, an unnecessary `uv` requirement, and explicit transitive skill loading/install behavior. No direct credential theft or exfiltration is shown, so this is better classified as medium-risk supply-chain and trust-chain exposure rather than malware.