autonomous-dispatcher

Warn

Audited by Socket on May 14, 2026

2 alerts found:

Anomaly x2

Anomaly (LOW)
scripts/dispatcher-multi-tick.sh

No explicit malicious payload (exfiltration/cryptomining/reverse shell) is evident in this module. The dominant supply-chain/security risk is intentional configuration-as-code execution: dispatcher.conf is sourced directly, and inline project metadata is executed via eval after partial validation. Mitigations exist (ownership/permission trust gate for dispatcher.conf, subshell isolation, and basic assignment-format validation for inline metadata), but the eval-based design is sensitive to validator gaps. This file should be treated as security-critical: ensure dispatcher.conf is strictly non-writable by untrusted users and review downstream dispatcher-tick.sh/lib-config.sh for additional trust and sanitization.

Confidence: 64%, Severity: 62%

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill is internally consistent with its stated dispatcher purpose and uses official GitHub/AWS mechanisms, so it does not look malicious. However, it processes untrusted GitHub issue content and can autonomously trigger local or remote execution via cron and AWS SSM, which creates meaningful security risk even though the scope is mostly proportionate.

Confidence: 86%, Severity: 58%

Audit Metadata

Analyzed At: May 14, 2026, 07:05 PM
Package URL: pkg:socket/skills-sh/zxkane%2Fautonomous-dev-team%2Fautonomous-dispatcher%2F@72525ae540dcb859d4b1e84a51b27422315554b3