blueprint

This skill appears coherent with its stated purpose: it will help you elicit requirements, produce a Spec and RFC, and (if you confirm) proceed to implement them. Key things to consider before installing or using it: - The skill requires no external credentials or installers, so it won't pull code or ask for secrets during install. - However, it enforces that once you explicitly confirm the Spec/RFC, the agent must immediately begin implementation and must not pause using the normal assistant finish channel until implementation completes. If you are not ready for the agent to start making changes or running actions autonomously, do NOT confirm—instead ask the agent to only output the Spec/RFC (the skill text admits that as an explicit opt-out). - The skill is allowed to explore user-provided artifacts (code, attachments, images). If you will supply sensitive files, consider sanitizing them or restricting access before confirming implementation. - If you want more control, tell the agent up-front to produce only Spec/RFC and to wait for explicit step-by-step approval before any implementation. If the skill later requests credentials, installs, or network access, treat that as a red flag and revoke permission. What would change this assessment: if the skill declared required environment variables, install steps that download/execute remote code, or included code files that perform network exfiltration or privileged config changes, the verdict would move to suspicious or malicious. At present the main caution is the required automatic implementation behavior — exercise care when confirming work.