skill-installer

SUSPICIOUS: the stated purpose matches the capabilities, but the skill’s main function is transitive installation of third-party skills from mutable, unauthenticated sources, including an unofficial aggregator. Its review/confirmation steps reduce risk, yet they do not remove the fundamental supply-chain and trust-extension hazards of installing other skills.