workflow-multi-cli-plan

SUSPICIOUS: the stated planning purpose broadly matches the workflow, but the footprint is wider than a simple planner. The main concerns are transitive trust in other skills/agents, ingestion of untrusted project/search content into planning prompts, and an auto-approval path that hands off execution with limited review. No direct credential theft or clear exfiltration is shown, so this is not confirmed malware, but it is a medium-high risk orchestration skill.