agent-sync-coordinator

This skill/specification matches its stated purpose and uses legitimate GitHub and orchestration operations. There is no explicit malicious code, C2, or obfuscation in the provided fragment. However, the workflow exercises high-impact capabilities (reading arbitrary workspace files and writing to repositories via API/gh CLI). The primary security concern is misuse or misconfiguration: accidental exfiltration of secrets, unauthorized repository modifications, or improper target resolution via template placeholders. Treat as high-privilege tooling that requires strict credential scoping, input allowlisting, audit logging, and operational controls before deployment.