build-train

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the skill’s GitHub automation purpose is coherent, but its footprint is high-risk for an agent skill because it gives headless Claude workers broad repo action capability, feeds them untrusted issue content, and performs admin merges automatically. Install provenance is mostly legitimate, so this is not confirmed malware, but the autonomy and prompt-injection surface make it a high-risk workflow skill.

Confidence: 87%
Severity: 74%

Audit Metadata

Analyzed At: Apr 22, 2026, 03:50 PM

Package URL: pkg:socket/skills-sh/fellowship-dev%2Fdogfooded-skills%2Fbuild-train%2F@7e167b2255c0d915c916c0f2a56da1cebb233ceb