web-dev-workflow

SUSPICIOUS: the workflow’s stated purpose is coherent for web delivery, but it delegates sensitive build/deploy behavior to external skills and an only partially verifiable Ignis ecosystem, while enabling autonomous deployment/testing loops. No direct credential theft or overt exfiltration is shown, so this is not confirmed malware, but the transitive trust and real-world action scope make it medium risk.