workflow-greenfield-init

SUSPICIOUS: the skill’s purpose is coherent as a workflow orchestrator, but it grants broad autonomous execution across research, planning, coding, testing, and docs with little visible gating. Main risk is recursive/indirect prompt injection from web research combined with downstream file and execution actions, not confirmed malware or credential theft.