team-harness

SUSPICIOUS. The skill’s core behavior fits its stated purpose, and its referenced tooling is largely official, so there is little evidence of malware or credential theft. However, it meaningfully increases operational risk by encouraging autonomous multi-agent loops, broad permissions, and `--dangerously-skip-permissions`, while processing potentially untrusted project content with write/exec capability. This is a high-risk orchestration skill rather than a malicious one.