spec-verify

SUSPICIOUS: the skill is broadly aligned with its verification purpose, but it grants the agent substantial autonomous execution and file-modification authority, depends on external local tooling with partially unverifiable provenance, and can recurse into implementation. I see no clear credential theft or malicious exfiltration, so this looks like a high-power workflow skill with medium security risk rather than malware.