ai-specialist
Warn
Audited by Socket on Apr 5, 2026
1 alert found:
Security (MEDIUM)
references/domains/ai-data-remediation-engineer/SKILL.md
The skill’s stated purpose is coherent with local data remediation, but its core execution model is unsafe: it feeds untrusted data to a model and then `eval`s the model’s returned Python. That makes the footprint disproportionate to a remediation skill claiming deterministic, safe, zero-egress operation. Overall this is suspicious/high-risk from code-execution and prompt-injection exposure, not confirmed malware.
Confidence: 89%, Severity: 72%