content-repurposing

SUSPICIOUS: The skill’s capabilities mostly match its content-repurposing purpose, and the `belt` installer appears to be official same-org infrastructure rather than a random payload. Risk comes from remote installer execution, credential handling through the inference.sh platform, optional public posting to X, broad Bash permission, and transitive skill installation. This is not confirmed malware, but it is higher-risk than a simple documentation skill.