learn

SUSPICIOUS: The skill’s core behavior fits its stated purpose of learning a codebase, and its network flow goes directly to GitHub via standard tooling. The main risk is that it fetches and analyzes arbitrary untrusted repositories while parallel agents can write local files, creating a meaningful indirect prompt-injection and external-content handling risk; install trust is otherwise moderate and there is no clear credential harvesting or exfiltration path.