elephant-build

SUSPICIOUS: The skill’s capabilities mostly match its stated software-build purpose, but it expands agent authority into installing dependencies, executing unverifiable internal CLIs, invoking other skills, and shipping code. No clear credential theft or external exfiltration is present, so this is not malicious, but it carries medium security risk due to execution trust and autonomous code-shipping behavior.