orchestrate

SUSPICIOUS. The core workflow is coherent for delivery orchestration, but the skill expands trust by requiring a separate `/browser-qa` skill and sends QA screenshots to a third-party public host (img402.dev). Those data-flow and transitive-install patterns are disproportionate enough to raise concern even though the overall purpose is legitimate.