trace
Warn
Audited by Socket on Mar 14, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill’s core capabilities mostly align with its stated discovery purpose, and it uses legitimate tools, but it expands read scope across multiple local repos, clones arbitrary user-supplied repos, and forwards findings to an unspecified Oracle MCP service. The main concerns are moderate data-flow opacity and prompt-injection exposure from searching untrusted repo and GitHub content with write capability.
Confidence: 81%
Severity: 56%
Audit Metadata