product-creator

SUSPICIOUS. The skill’s purpose broadly matches software-project orchestration, but its footprint is high risk because it enables autonomous real-world GitHub actions and relies on the unverifiable ak CLI as the core control plane. GitHub/npm usage is normal for the stated purpose, yet the unverified agent-kanban dependency, public-repo default, multi-agent delegation, and PR/code-driven workflow make the skill unsafe to trust without stronger provenance and tighter approval gates.