workflow-lite-execute

SUSPICIOUS: the skill’s purpose fits a workflow executor, but its implementation has a serious command-injection path and notable prompt-injection/trust-chain risk. External CLI use is somewhat consistent with purpose, yet the broad Bash/Agent execution and skill handoff make the overall security risk high despite low evidence of intentional malware.