code-editor-switch

This skill's documentation and workflows are coherent with its stated purpose: changing macOS default editor associations using duti, with optional project-level discovery to broaden coverage. There are no explicit signs of credential harvesting, obfuscated payloads, remote exfiltration endpoints, or embedded malicious code in the provided fragment. However, the workflow relies on executing local shell scripts and installing a binary via Homebrew; those are the primary supply-chain and execution risks. The aggressive '--apply-public-data' option increases the potential impact by redirecting many non-code files. Overall, the fragment appears functional and purposeful, but it carries moderate operational risk because executing repository scripts and changing LaunchServices mappings are high-impact actions. Review and audit the referenced scripts (scripts/switch-code-editor.sh and scripts/discover-project-editor-tokens.sh) before running them, and avoid the aggressive public-data apply unless explicitly required and reviewed.