stream-docs

SUSPICIOUS: the core docs-search behavior is aligned and constrained to official getstream.io content, but the embedded no-confirmation `npx skills add` step introduces medium supply-chain and transitive-install risk that is larger than a pure documentation skill should need. No clear credential theft or exfiltration is present, so this is not malicious, but it is not fully benign due to remote skill installation.