audit

Warn

Audited by Socket on Mar 14, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill’s main behavior matches a code-audit utility, but its footprint is fairly powerful: multi-agent analysis of untrusted repository content, local command execution, automatic report commits, and optional task/issue creation. No clear credential theft or malicious exfiltration is present, but the combination of indirect prompt-injection exposure and autonomous repo modifications makes it medium risk.

Confidence: 86%
Severity: 67%
Audit Metadata
Analyzed At: Mar 14, 2026, 05:49 AM
Package URL: pkg:socket/skills-sh/howells%2Farc%2Faudit%2F@13a55d774c79d80b9120987e790a1ee244d7b29c