teach-oh

SUSPICIOUS: the core repository exploration and AGENTS.md writing are coherent with project setup, but the skill also performs optional remote binary installation and installs additional hooks/agents from GitHub, creating notable supply-chain and transitive-trust risk. Data flows are not overtly exfiltrative, and the remote sources appear same-org, so this is better classified as a high-risk vulnerable skill rather than confirmed malware.