workflow-composer
Warn
Audited by Socket on Apr 6, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The stated purpose matches orchestration, and the same-org GitHub marketplace install path is reasonably consistent with official plugin docs, so this is not confirmed malware. However, the skill is high-leverage: it can launch arbitrary other skills, execute Bash, automate retries/parallel flows, and even install community workflows, creating significant transitive-trust and indirect prompt-injection risk disproportionate to a simple workflow helper.
Confidence: 85%
Severity: 72%