NYC

research

Fail

Audited by Socket on Feb 18, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The skill implements a legitimate research workflow but poses a moderate supply-chain/data-exfiltration risk because it mandates dispatching exploration agents (spawn_agent/TeamCreate/Task/ao) and instructs including file:line citations and code snippets without any sanitization or explicit backend trust model. In trusted environments where backends are local or enterprise-controlled, risk is low; in default or untrusted environments, the workflow can leak sensitive repository contents. Recommend: enforce sanitization and allow/deny lists, require explicit human confirmation before remote dispatch (or disable --auto by default), and document the exact backend endpoints/trust model before use.

Confidence: 98%
Audit Metadata

Analyzed At: Feb 18, 2026, 11:20 AM
Package URL: pkg:socket/skills-sh/boshu2%2Fagentops%2Fresearch%2F@bc2ab9d0290b27f84151c94acdc1a3a15646f46c