ss-cli-rotate-and-sync
Warn
Audited by Socket on Mar 19, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The purpose is coherent for secret rotation, env sync, and service restart, but the core ss-cli dependency is unverifiable and receives a Secret Server token plus secret values. That combination makes the skill high risk from a supply-chain and credential-forwarding perspective, even though the stated workflow itself is plausible.
Confidence: 89%
Severity: 86%