comet-verify

SUSPICIOUS: the core verification workflow is broadly aligned with its purpose, but it relies on broad local shell sourcing and mandatory transitive skill loading, including an ambiguously sourced external skill. The main risk is inherited trust and arbitrary local code execution during build/test and branch operations, not confirmed malware or direct credential theft.