post-deploy

SUSPICIOUS: the skill’s core behavior fits a post-deploy automation purpose, and its visible network/data flows stay with expected services (GitHub, possibly AWS ECR). Risk comes from autonomous execution and especially the team-configured `custom` shell action, which lets repo/team configuration drive arbitrary commands with Bash and Write access.