bg-jobs

The skill concept (bg) is aligned with background job execution and monitoring, but it relies on an unverifiable external binary for installation and enables execution of arbitrary commands. This creates notable supply-chain risk and potential for misuse if the agent executes commands without strict user/policy controls. The data flow remains largely local, which is good for protectability, but the installation source ambiguity and command-execution surface push the assessment toward SUSPICIOUS rather than BENIGN. Recommend requiring official, signed install provenance, explicit sandboxing, and strict per-command confirmation/limits before deployment.