church-harden

SUSPICIOUS. The stated purpose is coherent, but the skill’s core footprint depends on an unverified `church` CLI that reads repo content and may influence planning without any verifiable install source, publisher relationship, or documented data flows. No explicit credential theft or malicious endpoint is shown, but the opaque binary and unspecified research/network path make the skill high security risk.