sf-apex

SUSPICIOUS. The core Apex generation/review behavior is coherent and mostly benign, but the skill expands trust by instructing transitive installation of additional third-party skills from Jaganpro/sf-skills and references deployment through another skill. No clear credential harvesting, exfiltration, or malware behavior is present, yet the transitive install path and partially unverifiable package provenance make the overall skill medium risk rather than benign.