paseo-handoff

SUSPICIOUS: the skill’s purpose is coherent, but it expands trust by requiring another skill, launches detached downstream agents with broad execution modes, and forwards comprehensive context to external tooling. The Paseo CLI appears official and npm-distributed, so this is not strong evidence of malware, but it is a meaningful agent-autonomy and delegated-trust risk.