deep-dive

SUSPICIOUS. The skill is mostly coherent as an orchestrator for investigation and spec generation, and it includes a meaningful guard against trace-based prompt injection. The main risk is transitive: it reads untrusted project content, reinjects summaries into prompts, persists shared state, and then hands execution to other skills. No direct credential theft, exfiltration endpoint, installer abuse, or obvious malicious behavior is present, but the combination of prompt-processing plus downstream autonomous handoff makes it higher risk than a simple documentation or single-purpose planning skill.