work

SUSPICIOUS: The skill’s capabilities mostly match its purpose as an agent-owned implementation workflow, and it does not show credential harvesting or rogue data-routing. However, it grants the agent autonomous external actions (commit/push/PR) and combines untrusted content intake with write/exec capability, creating meaningful operational and prompt-injection risk.