project-init-orchestrator

SUSPICIOUS. The skill's behavior broadly matches its purpose as a project setup orchestrator, but its core function is to invoke other local skills and downstream package installs whose provenance and exact behavior are not verifiable from this file. Risk is driven mainly by transitive skill trust and unversioned local script execution, not by credential theft or data exfiltration.