install-script-generator

SUSPICIOUS. The skill’s footprint broadly matches its stated purpose, but it goes beyond script generation into autonomous system modification, mandates a git pull from whatever origin is configured, and may emit/install via package-manager paths that include official yet mutable remote installers. No clear credential theft or exfiltration is present, so this is better classified as medium-risk operational/supply-chain exposure rather than malware.