export-session-as-markdown

SUSPICIOUS: The skill’s purpose and local file flows are coherent, with no credential use or outbound network exfiltration. However, it executes an unverified plugin-provided local script with no publicly verifiable publisher or release trail, creating a meaningful supply-chain trust risk disproportionate to an otherwise simple export task.