configure-claude-plugins

SUSPICIOUS: the skill's stated purpose matches its behavior, but it materially expands trust by configuring a third-party plugin marketplace inside write-capable GitHub Actions. The main risks are transitive plugin installation, untrusted comment/PR-triggered agent execution, and broad repo permissions in CI rather than clear evidence of malware.