find-skills

The skill description is benign and purpose-aligned. It outlines legitimate workflows for discovering and installing open agent skills, with explicit guidance to keep installations project-local and to verify sources. While it references remote sources (skills.sh, GitHub) as part of normal supply-chain operations, this is expected in a modular skill ecosystem and does not implement any covert behavior within the analyzed fragment.