KiloCode

The skill bundle describes a CLI tool ('kilocode') with high-risk capabilities, including arbitrary command execution, file system access, and browser interaction. The documentation (SKILL.md) contains deceptive information, citing non-existent AI models (e.g., GPT-5.2, Claude 4.6, Gemini 3.1), and the metadata (_meta.json) contains a future-dated timestamp (2026). While no explicit malicious code or exfiltration logic is present in the provided files, the combination of broad permissions, autonomous execution modes, and false claims suggests a deceptive or untrustworthy package.