feature-implementation

SUSPICIOUS: the skill’s core behavior matches a TDD implementation assistant, but it has a broad execution footprint: autonomous code/doc changes, browser-driven acceptance testing, and optional database SQL validation. There is no clear malicious install path or third-party credential harvesting, yet the combination of MCP-powered browser/database access and write/exec capability creates medium security risk, especially if used against untrusted app content or non-development data.