recipe-front-build

Suspicious. The skill's stated purpose matches frontend orchestration, but it enables autonomous git commits and relies heavily on unpinned external sub-agents via the Agent tool. No credential theft or direct exfiltration is evident, yet the transitive trust and autonomous action model make it medium risk.