skill-updater

Warn

Audited by Socket on Mar 23, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s purpose and local file access are broadly coherent for skill maintenance, and the cited external endpoints are mostly official. The main concern is indirect prompt injection and trust expansion: it ingests external GitHub/Exa/arXiv content, can run Bash and edit files, and delegates to multiple other skills. Its explicit security scan, provenance logging, and confirmation gates reduce but do not eliminate that risk.

Confidence: 85%
Severity: 57%

Audit Metadata

Analyzed At: Mar 23, 2026, 08:37 PM
Package URL: pkg:socket/skills-sh/oimiragieo%2Fagent-studio%2Fskill-updater%2F@d6176cf251b645e2a2008372b9aa23e93167cf64