find-skills

SUSPICIOUS: the skill's stated purpose matches its behavior, and it uses an official documented CLI, so it is not overtly malicious. However, its core function is to discover and install third-party skills from GitHub or other sources, creating a transitive trust risk amplified by auto-confirmed installs and limited security verification.