comet-design

SUSPICIOUS: the skill is mostly coherent for a design-workflow orchestrator, but it expands trust by mandating another skill, executing discovered local shell scripts, and auto-transitioning into the next phase. No clear credential theft or exfiltration is present, so this is better classified as a medium-risk workflow skill than malware.