Workspace Explorer

This skill is suspicious due to its high-risk capabilities, despite aligning with its stated purpose. It instructs the agent to download and execute external binaries (code-server and cloudflared) from an external GitHub repository (https://github.com/mrbeandev/workspace-explorer.git) as described in SKILL.md, which introduces a significant supply chain risk. Furthermore, it creates a public internet tunnel via Cloudflare to expose the agent's workspace, providing remote interactive access, which is an inherently high-risk operation. While the prompt instructions in SKILL.md and HEARTBEAT.md are aligned with the skill's function (sharing the URL/password, checking status), the underlying actions carry substantial security implications.