find-agents

SUSPICIOUS: the skill’s purpose matches its behavior, but its footprint carries elevated risk because it executes `agentshq` via `npx` and installs arbitrary third-party agents from repos/URLs, creating a transitive trust chain. The explicit-user-only rules and clear mutation guardrails make it more coherent than malicious, but the install/update path is still high-risk for supply-chain reasons.