autonomous-dev

SUSPICIOUS: the skill’s purpose broadly matches a developer workflow, and it uses official Git/GitHub tooling rather than suspicious proxy endpoints, but it grants an agent broad autonomous write/execution capability and runs multiple unverifiable repository-local scripts. The main risk is operational autonomy and trust in local hook/wrapper scripts, not confirmed malware or credential theft.