field-dev-code-recon

SUSPICIOUS. The skill's purpose mostly matches its capabilities, and there is no suspicious installer or third-party credential routing. However, it combines untrusted external content ingestion with write access, GitHub issue creation, and git push, enabling indirect prompt injection and autonomous public/repo-affecting actions beyond a low-risk research skill.