agent-skill-creator

SUSPICIOUS: the skill’s core purpose is plausible, but its actual footprint is too autonomous and expansive. It ingests untrusted external content, generates executable artifacts, installs skills into agent directories, and can create/push remote repos or registries, creating high transitive-trust and prompt-injection risk. Install provenance is same-publisher but still uses mutable remote execution, so this is best classified as high-risk vulnerable behavior rather than confirmed malware.