inno-code-survey

SUSPICIOUS: the skill’s purpose is coherent, and data flows go to official GitHub endpoints, but it asks the agent to search for and clone arbitrary third-party repositories without pinning or provenance checks, then inspect that untrusted content using terminal and write capabilities. This creates medium-high supply-chain and indirect prompt-injection risk, though there is no strong evidence of credential theft, covert exfiltration, or confirmed malicious intent.