sdd-init

SUSPICIOUS. The core behavior mostly matches the stated purpose of project initialization, but the footprint is somewhat broader than necessary: it scans multiple user-level skill directories and persists project context plus a skill registry to an unspecified Engram backend. No direct malware indicators, credential harvesting, remote installer abuse, or obvious malicious data routing are present in the provided text, but the external persistence path and broad local discovery make it medium risk rather than benign.