major-task

SUSPICIOUS: the core purpose is coherent for a repo-planning skill, but it expands trust through explicit helper-skill loading, unpinned cloning, and autonomous tracker/PR actions. Main risk is transitive skill installation plus processing untrusted external content while retaining write/exec capability, not overt malware or credential theft.