team-coordinate

SUSPICIOUS. The skill’s coordination purpose is plausible, but its actual footprint is very broad: wildcard tool access, dynamic runtime prompt generation, background worker spawning, and shell-capable subagents. The biggest risk is indirect prompt injection and over-autonomous execution across generated worker roles. No direct credential theft or exfiltration is shown, but the capability set is disproportionate and high-risk for a generic orchestration skill.