ws-codebase-documenter

SUSPICIOUS. The core documentation behavior is coherent and there is no obvious malware pattern or third-party credential harvesting, but the skill has medium risk because it combines broad repository ingestion with file rewriting and autonomous git push/PR actions, plus optional syncing to a user-specified second repository.