web-search

SUSPICIOUS. The skill’s purpose broadly matches its capabilities, but it relies on an external same-org CLI with curl|sh installation, routes search/extraction traffic through inference.sh rather than directly to Tavily/Exa, forwards credentials into that CLI, and instructs transitive skill installation. This is not confirmed malware, but it carries meaningful supply-chain, credential-trust, and prompt-injection risk.