skill-builder

SUSPICIOUS: the stated purpose broadly matches skill creation/import workflows, but the footprint is high-risk because it imports third-party skills, relies on only partially verified external tooling, supports custom model endpoints, and can promote untrusted content into active agent directories. The main concern is transitive trust and prompt-injection exposure rather than confirmed malware.