auto-dev

SUSPICIOUS: the skill’s behavior broadly matches its stated autonomous-dev purpose, but its footprint is high-trust and high-impact. Official tool provenance lowers supply-chain concern, yet unpinned MCP execution, broad 'any skills/MCP tools' authority, live credential handling, web-content ingestion with write/exec ability, and deploy/push capabilities make this a medium-risk autonomous skill rather than a benign low-risk helper.