skill-hub-builder

SUSPICIOUS: the skill’s core purpose is coherent, but it materially increases risk by automating transitive installation and redistribution of third-party skills from arbitrary repositories. The main concern is not hidden exfiltration; it is the creation of a supply-chain and prompt-injection trust chain that can load unreviewed skills into an agent environment.