landing-report

SUSPICIOUS. The narrow stated purpose is a read-only landing report, but the actual skill footprint is much broader: local state writes, telemetry, artifacts sync, optional browser opens, helper-driven eval/source, and branches that can modify project files or create commits. The core queue-report logic is coherent and the helper provenance appears same-org, so this is not confirmed malware, but the capability scope is disproportionate to a simple dashboard.