This is a legitimate project-automation skill, but it gives an agent broad authority to change projects, commit history, install tools, run services, and handle API keys without enough user-controlled safeguards.
Review before installing. Use it only in a project where you are comfortable with automated file edits, git initialization, frequent commits, spawned agents, web access, and command execution. Do not paste production API keys into chat; prefer a secret manager or local environment setup. Require explicit approval before package installs, global CLI installs, process kills, deployments, or commits in shared repositories.