knowledge-absorber

SUSPICIOUS: the skill's purpose is coherent, but its footprint is broader than ideal. The main issues are automatic dependency installation from an unseen requirements file and prompt-injection risk from ingesting untrusted external content, web-auditing it, and then writing outputs. No clear credential theft or exfiltration is shown, so this is not confirmed malware.