tdd-migration-pipeline

SUSPICIOUS: the skill is broadly coherent as a migration orchestrator and shows no direct credential theft or exfiltration, but it expands trust to other skills and lets delegated agents process untrusted code/repo content while writing and executing changes. The main risk is transitive-skill trust plus indirect prompt injection through external code inputs, not confirmed malware.