team-level
Audited by Socket on Mar 1, 2026
1 alert found:
Obfuscated File

This skill is functionally appropriate for orchestrating a team-based level design workflow and does not contain explicit malicious code or exfiltration instructions. However, it grants broad runtime capabilities (Bash, Task, Read, Write/Edit) without specifying sandboxing, path whitelists, or subagent capability restrictions. The greatest risk is transitive: subagents could be used to execute arbitrary commands or access sensitive files if the execution environment permits. Recommended mitigations: limit Read/Write to project design directories, constrain or remove Bash from allowed-tools (or restrict to non-network, read-only operations), and enforce explicit per-step, human-reviewed approvals for any commands touching non-design paths.