migrate

[Skill Scanner] Skill instructions include directives to hide actions from user BENIGN: The skill fragment describes a locally-scoped migration runner with appropriate idempotent behavior, no external dependencies, and no credential handling. It aligns with the stated purpose of keeping workflow files in sync and provides a safe, controlled mechanism to apply and track migrations. LLM verification: The skill metadata and instructions are consistent with a benign migration utility but present supply-chain risk because the actual migration script(s) were not provided for review, the skill runs automatically with elevated frequency, and static analysis flagged directives to hide actions from the user. Treat this as moderately risky: do not allow automatic execution until .claude/skills/migrate/scripts/migrate.sh and all migrations are reviewed for network access, credential reads, and arbitra