read-file

SUSPICIOUS. The core behavior matches a DuckDB-based file reader, but the footprint is broader than a minimal read utility: it can install extensions, persist secret configuration, and invoke other skills for installation and docs. Data flows mostly align with purpose and do not point to clear exfiltration, but the transitive skill installation and third-party/community extension usage raise medium trust and credential-handling risk.