Table Image

The skill instructs the agent to install an external Go binary (`tablesnap`) from GitHub using `go install`. While this action is plausibly needed for the skill's stated purpose, it introduces a significant supply chain risk by fetching and executing code from an external, potentially untrusted source. This grants the agent broad capabilities (network access, file system write, arbitrary code execution) without clear malicious intent within the `SKILL.md` instructions themselves, classifying it as suspicious rather than benign.