checkpoint

SUSPICIOUS. Core checkpoint behavior is legitimate, but the skill is materially broader than advertised: it bundles onboarding, telemetry, proactive routing, cross-skill orchestration, and optional repo modification/commit behavior. The same-org local gstack dependency keeps this from looking malicious, but purpose-capability alignment is only partial and the hidden remote telemetry path plus repo-writing side effects make the overall skill medium risk.