gdd

SUSPICIOUS: the provided top-level skill is mostly coherent as a development-task orchestrator and shows no direct credential theft, exfiltration endpoint, or suspicious installer. However, it has broad execution authority, references missing sub-skills that likely contain the real operational logic, and implies autonomous git/PR actions without clear confirmation gates. Based on the file alone this is not malicious, but it carries medium security risk due to deferred trust and broad capabilities.