recipe-fullstack-implement

SUSPICIOUS: the skill's purpose mostly matches its orchestration behavior, but it relies critically on a separate skill/reference and thereby creates a transitive trust chain. No direct credential theft or exfiltration is shown, yet broad delegated repo actions plus autonomous mode and externally installed referenced skills make this medium risk.