find-best-skill

SUSPICIOUS. The skill’s capabilities mostly match its stated comparison purpose, but it has a higher-than-normal trust footprint because it fetches arbitrary remote SKILL.md content and can run side-by-side subagents from those instructions. There is no clear malware behavior, credential harvesting, or off-platform exfiltration, but the combination of remote instruction ingestion, Agent execution, and Bash/WebFetch access makes it medium risk.