autonomous-agent-harness

SUSPICIOUS: the skill’s core purpose and capabilities mostly align, but it materially extends trust to external MCP servers, including a beta personal-account Archon stack, and may forward credentials/API keys into those tools. This is not clearly malicious, but the autonomy model, mixed publisher trust, and credential-bearing integrations make it medium risk.