st-full-workflow

SUSPICIOUS: the workflow is mostly purpose-aligned and uses local relative scripts, but it grants broad autonomous repository-changing behavior and executes instructions sourced from project-local markdown hooks. The main trust gap is indirect instruction execution from repository content plus an unverifiable, unpinned npx initializer mentioned as the setup path.