agent-job-background

SUSPICIOUS. The visible purpose is coherent—background agent jobs in Docker with status checks—but the skill delegates autonomous code-changing work to a new containerized agent and may open PRs without per-action approval. Main risk comes from hidden implementation: unknown container image, unknown backend endpoint behind APP_URL, and possible forwarding of AGENT_JOB_TOKEN/USER_ID into another execution boundary. No evidence here of overt malware or a malicious installer, but the autonomy and opaque data flow make the skill medium-to-high risk.