orchestrator

SUSPICIOUS: the skill’s core purpose is plausible, but it normalizes high-autonomy operation with all permissions, remote project mutations, and execution of an undocumented local script from ~/.config. Official GitHub tooling lowers supply-chain concern, yet the unsupervised real-world actions and transitive trust expansion make the overall skill high risk.