git-commits

SUSPICIOUS. The skill’s main purpose is not standard git hygiene but concealment: it explicitly removes Claude attribution so commits look user-authored. It also routes commits through an unseen `/commit` skill and local script, expanding trust without transparency. No clear credential theft or exfiltration is shown, so this is not confirmed malware, but it is a deceptive and moderately risky workflow.