workflow-tdd-feature

SUSPICIOUS: the skill itself is a thin workflow orchestrator with no explicit credential theft or exfiltration, but it delegates substantial authority to opaque downstream slash commands with unclear provenance and forces broad sequential execution. Risk is mainly from transitive trust and autonomous multi-step action, not confirmed malware.