autoresearch

SUSPICIOUS. The skill’s purpose mostly matches its capabilities, but its footprint is high-risk because it grants an AI agent indefinite autonomous code-editing and command-execution authority over arbitrary projects, with destructive git cleanup and strong exposure to untrusted repo content and project scripts. No clear credential harvesting or explicit exfiltration is present, so this is better classified as a dangerous autonomous developer workflow than confirmed malware.