finalize

SUSPICIOUS: the visible skill is mostly coherent for a finalize workflow, but it delegates critical behavior to multiple unreviewed sub-skills and can lead to real repository actions. Risk is driven more by transitive skill execution and shipping autonomy than by direct exfiltration or malicious data flow in this file.