god
Audited by Socket on May 16, 2026
3 alerts found:
Anomaly x3
SUSPICIOUS: The skill is mostly consistent with its goal of producing specs and uses the expected official integrations, with no clear download-and-execute chain. The main risk comes from natural-language hooks, optional external publishing, and delegation to other sub-skills that are not provided, which expands actions and data flows beyond a simple documentation skill.
SUSPICIOUS: the core git/PR automation is consistent with the stated purpose and uses official GitHub tooling, but the skill is high-impact because it executes repo-defined natural-language hooks and performs autonomous external actions like push/PR creation. Risk comes from hook execution and broad agent capabilities rather than overt malware or suspicious supply-chain behavior.
SUSPICIOUS: The skill’s core capabilities broadly match its stated purpose as a development workflow orchestrator, and the visible execution path relies on local scripts and official tooling rather than unverifiable binaries. Risk is elevated by broad agent permissions, hook-driven arbitrary instructions, external publishing targets, and ingestion of untrusted Jira/Figma content while retaining write/exec powers. This looks coherent but high-trust; use only with explicit user approval for outbound publishing and git/PR actions.