autoresearch

SUSPICIOUS: The skill’s core purpose matches its capabilities, but it normalizes high-autonomy operation with --allow-all, unattended overnight experimentation, and automatic repository changes. The Copilot CLI provenance appears official, so supply-chain concern is limited; the main risk is autonomous modification of prompt/code assets with broad local execution and write access.