add

SUSPICIOUS: the core manifest-editing behavior is coherent, but the skill is a transitive skill loader for arbitrary GitHub sources and analyzes untrusted remote SKILL.md content. Main concerns are third-party skill trust and indirect prompt injection, not confirmed malware or direct credential theft.