video-lens-gallery

SUSPICIOUS: the stated purpose is coherent and the visible actions are local and proportionate, but the skill depends on and instructs installation of a separate third-party skill from a personal GitHub repo, creating transitive trust and moderate supply-chain risk. No direct credential harvesting or exfiltration is evident in this skill text.