spec-forge-architecture

SUSPICIOUS: the skill’s stated planning purpose is coherent with its local file reads/writes, and there is no sign of credential theft or external exfiltration. The main issue is install/execution trust: it relies on an opaque `spec-forge-cli` with no verified official provenance in the provided evidence, which makes the skill higher risk than a pure documentation-only workflow.