windsurf-webhooks-events

SUSPICIOUS. The skill is largely coherent as a VS Code/Windsurf extension-development guide and uses mostly standard registry-based tooling, so it does not look like outright malware. However, it normalizes capturing workspace/editor events and sending them to arbitrary webhooks, and it explicitly references `webhook.site`, a known capture endpoint. That makes the data-flow risk material and disproportionate for some users, especially if real file/terminal metadata is forwarded externally.