iblai-new-app

SUSPICIOUS: The skill's stated purpose is coherent for app scaffolding, but its core behavior relies on an unverified external CLI and even offers a mode that hands an API key to that CLI. The transitive addition of skills/MCP tooling further expands trust beyond simple scaffolding. No clear evidence of deliberate malware or credential exfiltration is present, but the install and credential-forwarding trust model is not strong enough to treat as benign.