task

SUSPICIOUS. The skill is broadly aligned with its stated purpose and does not show clear malware or suspicious installer behavior, but it is high-impact orchestration: it reads untrusted tracker content, can edit/execute locally, loads additional skills, and by default performs public/external actions like PR creation and issue comments. Main risk is autonomy plus indirect prompt injection, not credential theft or covert exfiltration.