ops-merge

SUSPICIOUS: the skill’s purpose matches its repo-management behavior, but its operational footprint is very high-risk. The main issues are autonomous code modification/merging across repositories, admin-level merge capability, prompt-injection exposure from untrusted PR/CI content, and especially execution of an unverifiable local helper binary (ops-merge-scan), which forces high security risk even without direct evidence of malware.