spots

The skill is classified as suspicious due to two high-risk capabilities outlined in `SKILL.md`. First, the `go install github.com/foeken/spots@latest` instruction involves downloading and executing code from a remote source, which introduces a supply chain risk. Second, the `op://Echo/Google API Key/credential` instruction directs the agent to interact with a credential manager (1Password) to retrieve a sensitive API key. While these actions are presented as necessary for the skill's stated purpose, they represent powerful capabilities that could be exploited under different circumstances, thus exceeding the threshold for a benign classification.