sync-repos
Warn
Audited by Socket on Apr 8, 2026
1 alert found:
Anomaly: LOW
SKILL.md
SUSPICIOUS. The skill’s capabilities mostly match its purpose and data flow is local, but the trust model is weaker than ideal because it is installed as a third-party skill from a personal GitHub repo and then executes/generated local shell scripts that can rewrite or delete repository files. No credential harvesting or off-platform exfiltration is evident, so this is better classified as medium security risk rather than malware.
Confidence: 89%
Severity: 62%
Audit Metadata