bookstrap-ingest

SUSPICIOUS. The overall purpose and capabilities mostly align with a research-ingestion skill, and no clear credential-harvesting or third-party proxy behavior is shown. The main risks are trust in unseen local scripts, broad processing of arbitrary web content, and indirect prompt-injection exposure when external content is passed into LLM-based extraction pipelines with Bash available.