iii-engine-config

SUSPICIOUS. The core configuration guidance is coherent, but the skill reaches beyond passive config into installing registry-sourced worker binaries and auto-executing them. Same-project Docker references lower concern somewhat, yet undocumented worker provenance, child-process spawning, and unspecified telemetry endpoints make the overall footprint higher-risk than a simple engine-config skill.