pre-ship-review

The skill’s stated purpose (pre-ship review and integration-boundary validation) aligns with its described capabilities (phases of external checks, cc-skills orchestration, and judgment reviews). The install sources reference standard package managers and official tool pipelines, which is typical and generally trustworthy when proper versioning and verification are assumed. Data flows are primarily within the development environment (diffs, tool outputs, and reports), with no evident credential handling or exfiltration. Overall, the footprint is coherent with a governance/quality-assurance helper. Risk is moderate due to dependency proliferation and potential for misconfiguration in tool executions, but there is no direct evidence of credential leakage or hostile behavior.