test-spec-gen

SUSPICIOUS. The core purpose is plausible, but the skill is overpowered for a test-spec generator: it combines silent multi-agent orchestration, external web/doc research, local config inspection, file writing, optional Trello actions, and delegation to other skills. The biggest concerns are indirect prompt injection from untrusted research sources and the transitive trust chain created by invoking additional skills; there is no strong evidence of outright credential theft or malware.