portfolio-prospecting

SUSPICIOUS. The wrapper skill's stated purpose is plausible, but it is not self-contained: it delegates control to a meta-skill and, based on the provided evidence, likely relies on Deepline-managed tooling and third-party key forwarding. The same-org installer evidence prevents a malicious classification, but the transitive skill loading, opaque session governance, and curl|bash install path make the overall risk medium.