A skill is executable trust — you install someone’s instructions and their scripts into an agent that can touch your files, your keys, your machine. A supply chain needs a gate. These are that gate.
Score any skill or repo 0–8 for danger, with file:line evidence, before you trust it.
More categories — token-efficiency, rag, memory, tools — as they’re built.