deployment

SUSPICIOUS: the skill’s purpose is coherent for deployment work, and most examples align with official platform tooling. Risk comes from enabling proactive production actions, using an official-but-unsafe Fly curl|sh installer, and forwarding deployment secrets to third-party GitHub Actions (especially a Railway action pinned to @main). No strong signs of credential theft or hidden exfiltration, but the execution and trust footprint is broader than a low-risk documentation skill.