sync-ag-shared

SUSPICIOUS: the skill’s purpose matches its git/GitHub capabilities, but it grants a broad automation footprint across multiple repos, including pushes and PR creation, and delegates edits to sub-agents that process untrusted repo content. Tooling is mostly legitimate, yet the third-party git-subrepo dependency and autonomous multi-repo actions make this medium-to-high risk rather than benign.