autoresearch

SUSPICIOUS: the skill's core behavior is coherent with autonomous code improvement, and there is no sign of credential theft or external exfiltration. However, it is high-impact by design: it reads untrusted repository content, executes repo and user-provided commands, and performs autonomous git/code actions, making prompt-injection and unintended code-execution risks substantial.