ln-1000-pipeline-orchestrator

The configuration file is not overtly malicious, but it enables automatic execution of two local shell scripts on lifecycle events with permissive settings (empty matchers and defaultMode='bypassPermissions') and references hidden scripts. This combination is a meaningful security risk because those scripts, if malicious or compromised, can perform arbitrary host actions (data access, network exfiltration, persistence). Verify and audit the referenced scripts and tighten permission/integrity controls before trusting or deploying.

SUSPICIOUS: the skill’s core behavior matches a pipeline orchestrator, but its footprint is high-trust and high-impact. Broad delegated permissions, autonomous multi-stage execution, git push capability, hook installation, force cleanup, and transitive trust in other skills make it a medium-high risk orchestration skill rather than malware. No clear credential harvesting, hidden exfiltration, or unverifiable binary install is present in the provided text.

The fragment outlines a thorough, multi-stage orchestration design with strong emphasis on validation and controlled transitions. It is not inherently malicious, but its security posture hinges on strong authentication of messages, integrity of plan criteria and kanban/git state, and minimized shell-based side effects. To harden: implement cryptographic/mutual authentication for messages, validate plan criteria integrity (signing/HMAC), reduce shell side effects or sandbox them, add explicit timeouts and idempotent operations, and separate plan evaluation from execution to reduce spoofing risk.