sync-template

SUSPICIOUS. The core sync behavior is coherent, but the skill's footprint goes beyond template synchronization by automatically installing fetched files as project and global Claude skills/commands. Trust is further weakened because content is fetched from a mutable personal GitHub repo by branch name rather than pinned commits or signed releases. No direct credential theft is evident, but the transitive skill installation and global file writes make this higher risk than a normal template-sync skill.