building-ui-bundle-app

SUSPICIOUS: the overall workflow is coherent for a Salesforce UI-bundle builder, but it expands trust through transitive sub-skill loading, unpinned npm installs, undocumented graphql-search.sh usage, and autonomous deployment/auth steps. No clear credential theft, exfiltration endpoint, or deceptive data routing is visible, so this is not confirmed malware.