gstack-workflow-assistant

SUSPICIOUS: the skill's purpose broadly matches planning, QA, and release workflows, but its trust model is weak. The main concern is install and execution of a same-repo setup path and browser executable without a strong release-verification trail, combined with access to authenticated browser cookies and the ability to perform repository actions like shipping and PR creation. No explicit credential exfiltration or malicious endpoint is shown, so this is high security risk rather than confirmed malware.