ghost-paper
Warn
Audited by Socket on Apr 13, 2026
1 alert found:
Security
MEDIUM
SKILL.md
SUSPICIOUS: the skill’s core function is plausible, but it depends on executing an unpinned npm package whose provenance was not verified in the supplied evidence, and it instructs the agent to trust live guidance emitted by that package. No direct credential theft or exfiltration is shown, but runtime package execution and global-install fallback create meaningful supply-chain risk.
Confidence: 84%
Severity: 74%
Audit Metadata