dev-task-queue

The skill’s behavior is mostly aligned with its stated purpose, but its core trust model is weak: it asks the agent to clone and execute task-management scripts from an unverifiable personal GitHub repo, then push task data to that remote. This is better classified as suspicious supply-chain and data exposure risk than confirmed malware.