dev-pain-finder

SUSPICIOUS: the skill’s purpose and browsing behavior are broadly coherent, but it routes public-web research through a third-party authenticated CLI/service and the install instruction mismatches TinyFish’s official documented package name. Main risks are supply-chain/install trust and indirect prompt injection from untrusted scraped content, not confirmed malware.