feature-dev-complete

SUSPICIOUS: The skill’s broad capabilities mostly match its stated purpose, but it carries medium-high risk because it combines untrusted web intake, autonomous code generation, unpinned `npx` execution, repo writes, and default PR creation. The main concern is unsafe orchestration and trust expansion rather than clearly malicious intent.