oss-contributor-swarm
Warn
Audited by Socket on Mar 21, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: the skill’s stated purpose matches its GitHub automation footprint, and the listed external tools appear official, so this is not confirmed malware. However, it grants an AI agent continuous autonomous public write access and processes untrusted GitHub content while editing code and responding to reviews, creating high operational and prompt-injection risk disproportionate to a normal assistive coding skill.
Confidence: 90%
Severity: 79%