agent-reference

SUSPICIOUS: the skill is broadly coherent with its stated purpose of generating reference reports, and it uses official local tools plus optional official GitHub CLI access. The main risk is privacy scope: it instructs the agent to mine extensive local session history, memory files, and repo activity to build a profile of the user, so misuse or accidental publication could expose sensitive personal or project details even though no clear credential theft or third-party exfiltration is present.