swain-sync

SUSPICIOUS: the skill’s capabilities mostly align with a git-sync assistant, but it is high-impact because it autonomously commits, pushes, can open PRs, and removes worktrees. Main risks are automation scope and execution of repo-local scripts, not clear credential theft or malicious exfiltration.