team-feature

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is functionally coherent with its stated purpose (automatically assembling specialist subagents to implement a feature) and does not contain direct malware payloads or explicit exfiltration instructions. However, it creates high supply-chain and data exposure risks because it: (1) reads arbitrary repository content and diffs (which can include secrets), (2) instructs delivering the full context to all spawned subagents, and (3) relies on spawning general-purpose subagents (transitive trust). These patterns can lead to credential leakage or unintentional exfiltration if subagents are untrusted or compromised. Recommended mitigations before use: redact secrets and sensitive file patterns from the context, enforce least-privilege context passed to each specialist, require user approval for spawning subagents or sending sensitive files, and restrict subagents to vetted code/executors.

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Feb 28, 2026, 11:37 PM
Package URL: pkg:socket/skills-sh/shotaiuchi%2Fdotclaude%2Fteam-feature%2F@3bd3ded55d08003a7d7ebb53804e60e2c770d9e5