sovereign-sync
Audited by Socket on Mar 4, 2026
1 alert found:
Security
This skill's stated purpose — synchronizing high-sensitivity (L3) knowledge tiers with external Git repositories — is legitimate in an organizational context but presents significant supply-chain and data-exfiltration risk if misconfigured or abused. The core risks are: (1) exfiltration of confidential data to attacker-controlled repositories via the push command, (2) misuse or leakage of Git credentials (SSH keys, tokens, .netrc), and (3) lack of artifact provenance for dist/index.js (a potential download-execute supply-chain vector). Mitigations: restrict allowed repo URLs to vetted organizational endpoints, use short-lived credential flows (OIDC/GitHub Apps), add artifact signing/verification for dist/, enforce interactive/human approval before pushes of L3 data, and sanitize inputs used in any shell commands. Given the high value of the data this skill targets, treat it as a high-sensitivity component requiring strict operational controls.