team-executor

SUSPICIOUS: The skill’s stated purpose largely matches its behavior, but it is overpowered for a 'lightweight' executor. The main risk is broad wildcard permissions plus dynamic loading of session role-spec content into spawned background agents with file and shell access, creating prompt-injection and high-impact automation risk. No clear credential harvesting, malware payload, or external exfiltration endpoint is shown.