skills-router
Audited by Socket on Mar 3, 2026
1 alert found:
Security: This 'skills-router' manifest is a high-risk supply-chain facilitator. The file itself is not directly malicious and contains helpful routing guidance and prudent cautionary notes. Nevertheless, it systematically encourages installing and executing many third-party skills using npx and unpinned GitHub/registry sources. That operational model creates a significant attack surface: download-and-execute, transitive trust expansion, and plausible exfiltration paths for local project files and credentials. Recommendations: require human approval for all installs; mandate pinned SHAs or cryptographically signed releases; prefer installing from curated registries with integrity checks; run any installer in an isolated sandbox or ephemeral container; restrict installed skills' access to secrets and local files; and add automated pre-install checks (owner reputation, Snyk/OSS scan, supply-chain attestations). Treat this manifest as sensitive and do not use it to drive autonomous installs without added safeguards.