QMD - Quick Markdown Search

The skill is classified as suspicious due to the installation method and the inherent risks involved. The `SKILL.md` instructs the agent to install `qmd` via `bun install -g https://github.com/tobi/qmd`. This command downloads and executes code from a remote GitHub repository, introducing a supply chain risk. While the tool's stated purpose of local markdown search is benign, and the instructions to the agent are operational guidance rather than malicious prompt injection, the act of installing arbitrary remote code and granting it broad local file system and network access (for model downloads) constitutes a meaningful high-risk behavior without clear malicious intent, aligning with the 'suspicious' threshold.