talent-sourcing

SUSPICIOUS: The skill’s core behavior matches talent sourcing and the Nimble dependency appears same-org and officially documented, so there is no strong sign of malware or credential theft. Risk comes from broad agent permissions, bypassPermissions sub-agents, external CLI/API dependency, and processing untrusted web content with write/exec capability; the unspecified distribution step adds uncertainty.