forge
Warn
Audited by Socket on Apr 19, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The stated purpose is coherent for a workflow skill, and there is no clear credential harvesting or exfiltration path in the visible text. However, it expands trust to repo scripts, repo-owned skills, qmd, and an external CLI, with installation/sync behavior hidden behind `bun run sync:local`. That makes the skill moderately risky due to transitive trust and supply-chain opacity, not confirmed malware.
Confidence: 81%
Severity: 68%