coding-agent

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill’s core behavior matches its stated purpose—running official coding-agent CLIs in the background—and its install instructions point to same-org official npm packages rather than suspicious third-party payloads. The main risk comes from autonomous background delegation to external AI CLIs with write capability (`--auto-approve`) over arbitrary repositories, which creates meaningful indirect prompt-injection and unintended-change risk. This is not strong evidence of malware or credential theft, but it is a medium-risk orchestration skill that should only be used with narrow scope and careful review.

Confidence: 88%
Severity: 58%

Audit Metadata
Analyzed At: Mar 13, 2026, 09:17 PM
Package URL: pkg:socket/skills-sh/TerminalSkills%2Fskills%2Fcoding-agent%2F@7085e009beb3d6504cc46ef9e80170764bf8304e