team-assemble

SUSPICIOUS: the skill’s purpose matches agent-team orchestration, and there is no obvious credential theft or third-party exfiltration. Risk comes from broad execution authority, explicit bypassPermissions use, and indirect prompt-injection exposure from reading repo content before allowing subagents to write files and run Bash.