work

SUSPICIOUS: the core workflow is plausible for a project-execution skill, but its actual footprint is broader than necessary because it grants powerful write/exec capabilities and, most importantly, dynamically loads additional skills from prd.json content. No clear credential theft or exfiltration is present, but the transitive skill-loading and autonomous commit behavior make this a high-trust skill that should be treated cautiously.