ecosystem-orchestration

Fail

Audited by Socket on Mar 5, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The file itself is not an immediate code payload, but it prescribes running a centralized installer that will install multiple transitive skills without providing provenance, pinned sources, or verification steps. This pattern creates a substantial software supply-chain risk: a compromised installer or upstream package can gain agent privileges and perform malicious actions (exfiltration, credential harvesting, destructive operations). Recommend: do not run install_all.py until its contents and all transitive manifests are audited; require explicit per-skill sources, pinned versions, checksums or signatures, interactive per-skill permission grants, and network endpoint whitelists. Treat the installer and any transitive installs as high-risk until audited.

Confidence: 98%
Audit Metadata
Analyzed At
Mar 5, 2026, 06:29 PM
Package URL
pkg:socket/skills-sh/fatih-developer%2Ffth-skills%2Fecosystem-orchestration%2F@28ba8d64f02c47431f80a14faa56b9e0bbedbb92