install

SUSPICIOUS: the stated purpose matches the behavior, but the footprint is high-risk because it automatically installs other skills from manifest-controlled repositories using a broad, unpinned source model. The official CLI provenance reduces malware certainty, yet transitive skill installation with non-interactive execution makes the overall security risk high.