ai-do

SUSPICIOUS: the skill's stated routing purpose matches its behavior, but it materially increases trust exposure by instructing installation of other skills from a third-party repository and by ingesting remote skill content to guide actions. No clear credential theft or exfiltration is present, so this is not malicious, but the transitive-install and remote-instruction pattern makes it medium risk.