align-repo

The core repo-auditing behavior is aligned with the stated purpose, but the skill adds unnecessary remote self-update and transitive skill-installation behavior. That makes it suspicious rather than outright malicious: the main risk is supply-chain and inherited trust, not direct credential theft or exfiltration.