build

SUSPICIOUS: the skill's core purpose is coherent for autonomous feature development, and it does not request credentials or show direct exfiltration. However, it has meaningful security risk from broad autonomous repo access, Bash execution over repo-derived context, and especially the required transitive installation/invocation of a third-party `ship` skill.