find-skills

SUSPICIOUS: the skill is largely aligned with its stated purpose and includes strong user-consent guardrails, but its main function is transitive trust expansion into third-party skills. The largest risks are supply-chain exposure from arbitrary skill installs and indirect prompt injection from reviewing untrusted skill content; the optional Snyk scan also sends content off-host with disclosure. Not malicious, but medium risk by design.