indices-auth

SUSPICIOUS: The skill’s purpose and data flow are mostly coherent for CLI authentication, and it targets the official Indices API domain. However, the core dependency is an unverifiable external CLI with no documented install source or release provenance in the provided evidence, which creates a mandatory high supply-chain risk even without signs of overt malicious behavior.