continuous-mode
Audited by Socket on Mar 1, 2026
1 alert found:
Obfuscated File
This skill legitimately implements an autonomous continuous development loop but lacks critical safety, least-privilege, and audit controls. The primary risks are supply-chain execution of repository scripts during test/build, accidental or intentional exfiltration of secrets, uncontrolled commits/pushes and CI triggers, and unbounded autonomous activity. Recommend the following mandatory mitigations before use:
(1) require explicit per-change human approval for pushes or changes to sensitive files;
(2) run all test/build actions in an isolated, ephemeral sandbox with no access to host secrets;
(3) enforce file allowlists/deny-lists and forbid automated edits to credential/config files;
(4) log and surface all proposed changes and test outputs to humans for review;
(5) enforce rate limits/iteration caps (no infinite loop);
(6) disallow installs from untrusted sources and pin any required third-party tools; and
(7) provide an auditable identity for the agent and immutable commit signatures.
With those mitigations, the skill may be acceptable for controlled automation; without them it poses a moderate-to-high supply-chain security risk.