git-automation
Audited by Socket on Feb 18, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

This SKILL.md is documentation for a Git automation workflow with Beads task-tracking integration. The described capabilities align with the stated purpose: validating and enforcing atomic commits, running tests/lints, and syncing task status. No malicious code or obfuscation is present in this document. The main security considerations are operational: the BEADS_API_KEY credential and enabling auto-commit/watch mode can cause automated updates to remote services and repositories, so users should ensure the Beads endpoint and credentials are trusted and that auto-commit behavior is configured (dry-run/confirmation) to avoid accidental data pushes. Overall, the document appears benign but describes features that require careful operational controls.

LLM verification: This SKILL.md documentation describes a reasonable git automation skill with valid features (atomic commits, validation, and task-tracking sync). There are no explicit malicious code snippets here, but the instruction set carries moderate supply-chain risk because it implies automated commits, credential usage (BEADS_API_KEY), and custom sync tooling whose install sources and network endpoints are unspecified. The biggest risks are: (1) lack of provenance for the beads-sync tooling (could be sou