ops-orchestrate

SUSPICIOUS: the skill’s capabilities largely match its orchestration purpose, and external endpoints appear official, so this is not confirmed malware. However, it grants an AI agent unusually broad autonomous authority across repos and issue systems, processes untrusted external content with write/exec permissions, uses eval on task metadata, and handles multiple high-value tokens; that makes it a high-risk orchestration skill even without clear credential theft or covert exfiltration.