forge-ship

SUSPICIOUS: The skill's capabilities mostly match its software-delivery purpose, but risk comes from autonomous unattended actions and the broader transitive trust model for installing a personal-repo skill via the `skills` CLI. No direct credential harvesting, exfiltration endpoint, or off-purpose behavior is visible in this fragment.