swain-sync

SUSPICIOUS: the overall behavior matches a git sync/publish skill, and network/data flows mainly target expected remotes and GitHub. However, it has medium-to-high operational risk because it autonomously commits, pushes, may open PRs, and executes many mutable repo-local scripts from the working repository, which expands trust to whatever is already in .agents/bin and repo content.