subagent-orchestration

SUSPICIOUS: the skill’s purpose matches its orchestration behavior, and it does not show credential theft, exfiltration endpoints, or external download-execute installers. However, it grants the agent broad autonomous control over a codebase after one approval, including file modification, subagent chaining, and execution of repository-defined build/test commands, creating meaningful operational and prompt-injection risk.