church-spec-gate

SUSPICIOUS: the skill's purpose is coherent, but it depends on an unverifiable local `church` executable with repo-modifying capabilities and no trustworthy install/provenance details in the skill. No direct credential theft or exfiltration is shown, but the unknown CLI creates a high supply-chain risk.