orchestrator

Warn

Audited by Socket on Mar 15, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the skill's purpose matches orchestration, but it enables high-autonomy execution through external CLI subagents with `--approval-mode=yolo` and feeds untrusted agent-generated content back into the control loop. No clear credential theft or exfiltration is shown, but execution trust and indirect prompt-injection risk are material.

Confidence: 83%
Severity: 74%

Audit Metadata

Analyzed At: Mar 15, 2026, 10:46 PM
Package URL: pkg:socket/skills-sh/first-fluke%2Ffullstack-starter%2Forchestrator%2F@806d551847e61c32858a6617b4cd683109cd65d1