portfolio-prospecting

SUSPICIOUS: the shortcut itself is minimal and not overtly malicious, but it delegates control to a separate meta-skill and additional docs, creating a meaningful transitive-trust risk. The main concern is indirect execution of unreviewed downstream instructions rather than direct credential theft or malware behavior in this file.