eval-driven-dev

SUSPICIOUS. The skill’s purpose and capabilities are largely coherent for eval-driven development, and there is no clear credential harvesting or malicious exfiltration flow. However, the install instructions are internally inconsistent with the available public package evidence, so the required third-party dependency is not cleanly verifiable; that makes this a medium supply-chain risk rather than benign.