simplify-pr-claude

SUSPICIOUS. The stated goal is plausible, but the skill mainly instructs the agent to fetch and run an unpinned external package with broad shell capability and limited transparency. This is a high supply-chain and transitive-trust risk, though not confirmed malware.