implementation-manager

SUSPICIOUS: the skill's purpose and local file operations are broadly coherent, and no clear credential theft or exfiltration path is shown. However, it depends on a project-specific `sam` CLI / MCP backend whose provenance could not be publicly verified, so install/execution trust is the main risk driver.