coding-workflow

SUSPICIOUS: the core workflow guidance is benign and proportionate, but the skill expands trust by instructing installation of multiple external companion skills, including one with weaker provenance. Main risk is transitive skill installation and moderate remote supply-chain exposure, not direct credential theft or overtly malicious behavior.