This deployment skill does not appear to steal data or run hidden destructive commands, but it can mark GitHub and Cloudflare deployment steps as complete even though it only prints the commands that would be run.
Review this skill carefully before installing. It is suitable only as a workflow/status helper unless you separately run and verify the actual GitHub and Cloudflare commands. Do not rely on its reported deployed or github_ready status as proof that a repository or Cloudflare Pages deployment exists, and avoid putting broad Cloudflare API tokens in local config files without least-privilege scoping and commit protection.