coding-agent

SUSPICIOUS. The skill’s purpose matches its capabilities, but it gives AI agents high-autonomy shell access to external coding CLIs, including approval-bypass modes and public GitHub actions. The main risk is not malware-like deception; it is disproportionate autonomous execution and prompt-injection exposure when operating on repositories and PRs.