large-file-refactorer
Audited by Socket on Mar 1, 2026
1 alert found:
Security
This skill is coherently described and its capabilities match its stated purpose (discovering large files and orchestrating test-first refactors). I found no indicators of intentional malicious behavior (no remote downloads, no credential forwarding, no obfuscated payloads). The main risks stem from the use of shell commands and broad filesystem access: when run by an agent with wide permissions or inside CI that contains secrets or untrusted package/test scripts, the skill could inadvertently read or execute unsafe content. The skill's safeguards (user confirmation, test-first requirement, per-file verification) reduce but do not eliminate operational risk. Recommend restricting the execution context (no secrets mounted), whitelisting/blacklisting additional sensitive paths (e.g., .env, ~/.ssh, ~/.aws), and avoiding running untrusted repo test scripts without sandboxing.