skill-installer
Audited by Socket on Feb 25, 2026
1 alert found:
Malware

The skill-installer is functionally appropriate for listing and installing GitHub-hosted skills into a local Codex plugin directory. However, it presents moderate supply-chain and credential risks: it accepts tokens and uses system git (which can access SSH keys), performs network downloads without documented integrity verification, and writes arbitrary repository contents into an executable plugin directory (including possible overwrite of system skills). Recommend: require explicit user confirmation for installs, display/preview files to be written, enforce integrity verification (pin commit SHAs or verify signatures), restrict token usage and scope, avoid automatically forwarding credentials to third parties, and log operations without leaking tokens. Treat usage in automated/privileged environments cautiously until such mitigations are in place.