ah-implement-tasks

SUSPICIOUS: the core purpose is coherent for a coding orchestration skill, but its footprint is broader than a simple task implementer. Main concerns are transitive skill loading, ingestion of untrusted external content into write/exec-capable subagents, unpinned npx tooling, and automatic commits. No clear credential theft or exfiltration behavior is shown, so this is not malicious, but it is a medium-high risk automation skill.