spets

Warn

Audited by Socket on Apr 8, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the stated purpose fits workflow orchestration, but the skill hands broad control to a remotely executed npm package and then blindly follows its JSON instructions. The main risk is not the SDD concept itself; it is the combination of unpinned `npx` execution, recursive remote instruction following, and data flowing back through orchestrator-controlled callbacks.

Confidence: 87%
Severity: 82%

Audit Metadata

Analyzed At: Apr 8, 2026, 11:03 AM
Package URL: pkg:socket/skills-sh/team-attention%2Fcode-squad%2Fspets%2F@5a4d8e65cb2c5cbedea71b04b5e0c6e923b360b7