looping-tasks
Audited by Socket on Apr 25, 2026
2 alerts found:
Anomaly (Security): No overt malicious payload (e.g., exfiltration endpoints, backdoor logic, or stealth behavior) is present in this wrapper alone. However, it contains a high-impact supply-chain execution surface: it executes arbitrary shell commands via eval of WORKTREE_SETUP, and it also executes repository-provided scripts (loop/loop.sh and optionally .worktreesetup) and copies files based on .worktreeinclude patterns. If WORKTREE_SETUP or the repository contents/pattern files can be attacker-influenced (including via CI env injection or compromised dependency/repo), this can become arbitrary code execution during the workflow.
SUSPICIOUS: the skill is coherent with its stated purpose, but that purpose is high-risk automation. Its main concern is not malware or exfiltration; it is autonomous code execution and commits, especially with --dangerously-skip-permissions and untrusted repo content flowing into write/exec-capable Claude sessions.