skill-autoinstaller

This SKILL.md describes a powerful auto-installer that legitimately needs to read repos, manifests, and perform installs. However, its supported install methods (download-and-execute binaries, scripts, package manager operations, and transitive skill installation) are high-risk supply-chain operations. The doc includes good-sounding audit checks and a permission model, but it lacks explicit enforcement mechanisms (cryptographic verification, sandboxed execution, strict blocking of runtime command execution, and explicit vetting gates). Because the tool will fetch and run code and installers referenced by possibly untrusted repositories, it presents a significant supply-chain risk unless additional safeguards (signatures, pinned versions, verified registries, sandboxed runtime, manual approval) are implemented. The provided content contains no direct evidence of an intentionally malicious payload, but the design permits common credential-harvesting and remote-execute supply-chain attacks if operated without strict controls.