release-sync

SUSPICIOUS: The skill’s purpose and file access are coherent, but its trust model is weak because it routes content through external MCP servers that are not fully verifiable from public evidence. This looks more like a legitimate automation with medium supply-chain and data-handling risk than confirmed malware.