production-code-audit

SUSPICIOUS: the stated purpose broadly matches code-audit and refactoring behavior, and there is no evidence of external exfiltration or credential harvesting. However, the skill grants autonomous repo-wide read/write authority and executes an unreviewed local script whose behavior cannot be verified from the supplied material, creating moderate supply-chain and integrity risk.