ta-research-AFP

SUSPICIOUS. The core workflow is broadly consistent with a research-writing coordinator, and the only explicit install guidance points to a legitimate PyPI package. However, the skill expands trust transitively to many unnamed external skills, some of which perform web search and citation verification, without provenance or data-flow details. It also auto-reads local project files and executes a local bash/python assembly step. This is not clearly malicious, but the undeclared trust chain and automatic local execution make the footprint larger than a simple coordinator should have.