run-with-it

SUSPICIOUS: the skill's core purpose matches orchestration, but it grants very high operational authority. The biggest risks are autonomous real-world actions, sandbox-bypassing child execution, and indirect prompt injection from GitHub content into write/exec-capable sub-agents. I do not see clear evidence of credential theft or covert exfiltration, so this is high-risk orchestration rather than confirmed malware.