agent-bootstrap
Fail
Audited by Socket on Mar 18, 2026
1 alert found:
Malware (HIGH): SKILL.md
SUSPICIOUS: the local validation/configuration behavior fits the stated bootstrap purpose, but the remote-skill installation model is disproportionate and internally inconsistent with the stated 'no external dependencies' principle. The main risk is transitive trust and supply-chain exposure through unpinned `npx skills add` and arbitrary raw/git URL installs, not confirmed malware.
Confidence: 89%
Severity: 84%
Audit Metadata