backend-integration

SUSPICIOUS: the skill's stated backend-migration purpose is coherent with its capabilities, and the clone source appears to be the publisher's same-org GitHub repo rather than an arbitrary payload host. The main concern is the required replacement of AGENTS.md from that external repo, which imports new agent instructions and creates a transitive trust/instruction-injection path; this raises security risk above benign even without clear malicious behavior.