skill-creator

SUSPICIOUS. The core purpose is benign and mostly aligned with the instructions, but the skill expands trust through transitive skill activation and encourages unpinned third-party CLI execution during research-driven workflows. There is no clear credential theft or exfiltration behavior, yet the combination of external content ingestion and open-ended package execution makes the skill higher risk than a simple documentation guide.