work-item-delivery-loop

Warn

Audited by Socket on May 11, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill’s behavior mostly matches its stated purpose, but it enables autonomous code changes and task-system write-back while depending on an unpinned third-party MCP bridge (`mcp-remote`) that likely handles authentication en route to One Horizon. Data flows are broadly consistent with the product, so this is not confirmed malware, but the combination of third-party credential mediation, untrusted task-content ingestion, and write/exec authority makes it a medium-high security risk.

Confidence: 87%
Severity: 68%

Audit Metadata

Analyzed At: May 11, 2026, 12:01 PM
Package URL: pkg:socket/skills-sh/onehorizonai%2Fskills%2Fwork-item-delivery-loop%2F@89e2d80fe04162fb88f94994a065849d66df2d52