ultraqa

SUSPICIOUS: The skill’s purpose and capabilities mostly align for an autonomous QA workflow, and there is no clear credential theft or external exfiltration path. However, it enables bounded autonomous code modification/execution and delegates to other internal subagents, so the trust footprint is broader than a simple test runner.