vibe-add-feature

SUSPICIOUS: The stated purpose fits a component-scaffolding skill, but install trust is only partially transparent. The main concern is transitive installation of the iblai CLI via another skill plus unpinned `npx` execution and optional third-party shadcnspace registry use; there is no direct evidence of credential harvesting or malicious exfiltration in this file alone.