prp-core-runner

SUSPICIOUS: the stated purpose matches PRP workflow orchestration, but the skill grants autonomous write actions (implement, commit, open PR) through an unverified underlying slash command whose implementation is not shown. No direct credential theft or exfiltration is evident, yet the hidden command and one-shot automation create meaningful execution and real-world action risk.