qa-plan

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The core behavior is mostly coherent for a QA-planning skill: reading specs/code/diffs and writing a local plan file. The main risk comes from two design choices that exceed a purely local planner: loading an unverified secondary skill (/worldmodel) and ingesting untrusted PR/code content while still being able to write files. No direct credential harvesting, malware behavior, or deceptive exfiltration is present, but the transitive trust chain and prompt-injection surface make this higher risk than a simple documentation/planning skill.

Confidence: 84%; Severity: 56%

Audit Metadata

Analyzed At: Apr 29, 2026, 05:51 PM

Package URL: pkg:socket/skills-sh/inkeep%2Fteam-skills%2Fqa-plan%2F@8ed0742eeb03badb3111f456f9c5cfa5a0c8159b