agent-workflow

The skill’s stated purpose is coherent with productivity-focused workflows and multi-agent orchestration. However, the footprint includes a dangerous download-and-execute pattern (curl | sh) in a Dockerfile and credential exposure practices (environment variables) that are not clearly mitigated. The data-flow model involves multiple external agents and MCP services, raising data governance concerns. Overall, the skill is Suspicious due to supply-chain risk and potential credential exposure, with a notable but not definitive possibility of benign usage in tightly controlled environments.