verify-bug

SUSPICIOUS. The skill is broadly aligned with UAT verification and uses official vendor ecosystems, so it does not look malicious. However, it asks the agent to extract credentials from Confluence and to autonomously modify JIRA workflow state, which is a disproportionate and sensitive operational footprint for a verification skill.