speckit-wizard

SUSPICIOUS: the core spec-generation behavior is benign and locally scoped, but the skill also enables autonomous code changes, validation, and commits while referring to loosely defined Ralph/Archon integrations. No clear credential theft or exfiltration is present, yet the implementation-loop footprint is broader than a documentation/spec wizard and merits medium risk.