complete-task

The skill's stated purpose (stepwise task completion using a guided workflow) is broadly aligned with its capabilities. The primary risk lies in the use of npx to fetch and run an external CLI from npm, which introduces a standard but non-negligible supply-chain risk. There are no credential handling or network exfiltration patterns described in the provided content, and data flows are primarily local (task files and CLI invocations). Overall, the footprint is benign for its stated purpose but warrants moderate caution due to the transient installation of an external tool via npx.