procedural-fish-render

SUSPICIOUS. The stated capability matches the skill’s purpose, but its core behavior is to fetch and run project code from a fixed repository that is currently not publicly reachable or verifiable, using a mutable branch. That makes the install/execution trust disproportionately weak for a rendering helper even without direct evidence of credential theft.