tdd-repair

Warn

Audited by Socket on Jun 22, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: the skill is internally coherent for automated test-driven repair and uses the official Claude CLI, so it is not strong evidence of malware. However, it grants a nested agent Bash+Edit capability over untrusted repo content and executes caller-supplied test commands, creating meaningful code-execution and prompt-injection risk that is disproportionate for untrusted projects.

Confidence: 84%
Severity: 58%

Audit Metadata

Analyzed At: Jun 22, 2026, 10:23 PM
Package URL: pkg:socket/skills-sh/ruvnet%2Fruflo%2Ftdd-repair%2F@d95e46716aa4dbf7ce0d1d2320104fc8dba094551eadb8b5dbf5e285786487fd