skill-adapter

SUSPICIOUS: The skill’s purpose mostly matches local plugin discovery and synthesis, and there is no external installer or credential routing. However, unrestricted Bash plus adaptation of potentially untrusted plugin content makes the footprint broader than necessary and creates meaningful prompt-injection-to-action risk.