create-task

SUSPICIOUS: the skill's purpose matches its capabilities, including blockchain escrow funding, but it enables high-impact financial actions through an external CLI invoked as unpinned `@latest`. The main concerns are mutable supply-chain trust and real-world transaction capability; there is no clear evidence of credential theft or unrelated data exfiltration in the provided content.