share-a-library

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it combines unpinned third-party CLI execution, public GitHub publishing, and transitive agent-install generation. The main concern is not hidden malware behavior; it is the high-impact trust chain and risk of oversharing local workspace contents through public publication and downstream skill installation.