price-change

SUSPICIOUS. The skill is purpose-aligned and uses official-looking data flows, so it is not malware-like; however, it grants an AI agent broad authority to change production Stripe billing and push directly to main across multiple repos. This is a high-impact operational skill whose risk comes from autonomous real-world actions and broad write scope, not supply-chain behavior or credential theft.