automation
Warn
Audited by Socket on Apr 12, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The core skill is purpose-aligned and uses official OpenHands API endpoints, so it is not overtly malicious. Risk comes from autonomous scheduled execution with full sandbox/secrets access and from transitive trust in external plugins fetched from arbitrary repos or git URLs, especially when mutable refs are allowed.
Confidence: 85%
Severity: 66%
Audit Metadata