ship-it

SUSPICIOUS: the skill’s purpose and core capabilities are broadly aligned, but it is a high-impact orchestration skill that autonomously changes code and raises a PR, while delegating critical behavior to unspecified subskills and an unseen local tracker backend. The main concerns are autonomous action, transitive trust, and prompt-injection exposure rather than confirmed malware or direct credential theft.