OpenFleet

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious due to its reliance on `npx` to execute an external npm package (`@open-fleet/mcp-server`) as described in `SKILL.md`. While the stated purpose is legitimate, this introduces a significant supply chain risk, as the behavior of the external package is not directly controlled or reviewed within this skill bundle. The agent is instructed to execute code from an external source, which could potentially be compromised to exfiltrate the required `OPENFLEET_API_KEY` or perform other unauthorized actions. There are no explicit prompt injection attempts or direct malicious instructions within the provided `SKILL.md`.