auth-setup
Audited by Socket on Mar 9, 2026
1 alert found:
Security: The skill's stated purpose (setting up Goldsky CLI authentication and project configuration) is not well-aligned with its actual footprint. It relies on downloading and executing an external script from a non-official domain, and it requires users to paste API tokens into chat, creating clear credential and supply-chain risks. While the intent is legitimate for assisting setup, the installation method and token handling introduce high risk that is disproportionate to a typical setup helper. Therefore, the skill should be treated as SUSPICIOUS to HIGH-RISK, with mandatory remediation to switch installation to a verifiable, signed package registry, and to implement secure, in-app token input (not chat-pasted tokens) and safer credential handling.