plugins

SUSPICIOUS: the skill is coherent as an extension manager, but its footprint is high-risk because it installs and republishes third-party skills/plugins from broad sources into multiple agent ecosystems without strong provenance controls. No direct credential theft or clear exfiltration is shown, but transitive skill installation and untrusted SKILL.md ingestion make this a significant supply-chain and prompt-injection risk.