gen-test-plan

SUSPICIOUS rather than malicious: the skill’s purpose largely matches its capabilities, but it mixes untrusted repository analysis with executable plan generation and autonomous real-world-style testing actions. Main concerns are prompt-injection exposure from repo content and the downstream execution of generated commands; install trust is comparatively low risk and data flows remain local/project-scoped.