refactor-prototype

SUSPICIOUS: the core local refactor behavior is mostly aligned with purpose, but the skill materially increases risk through autonomous execution, plan-defined command execution from local artifacts, and a transitive trust chain to external UI skills. No clear credential theft or exfiltration is present, so this is not malicious, but it is a medium-risk agent skill.