TARDIS

The skill is classified as suspicious due to the explicit 'ACTION: Triggers' feature documented in SKILL.md and README.md, which allows milestone messages from the plaintext `meters.json` file to be executed as agent instructions, creating a direct prompt injection vector if local file access is compromised. Additionally, the `scripts/check-webhook-services.sh` script actively starts a `cloudflared tunnel` to expose a local service to the public internet, a high-risk capability, and both Python scripts read environment variables from potentially sensitive locations like `/root/.env` and `~/.env`.