rfc-research
Warn
Audited by Socket on Mar 13, 2026
1 alert found:
Security | MEDIUM | SKILL.md
SUSPICIOUS: the core purpose is coherent, but the skill depends on an externally published MCP server installed via unpinned npx and processes untrusted GitHub content with agent/subagent execution plus file-write capability. The main concern is indirect prompt injection and third-party tool trust, not confirmed malicious intent.
Confidence: 87%
Severity: 72%