I think this is a killer project that's very needed to accelerate the learning of how to defend against the deluge of nascent CI/CD risks. Kudos Boost team!
Do you have a working example of a skill reducing tokens on repeat tasks? I'm personally seeing the cost of writing and maintaining skills to be much larger than the tokens I'm saving by doing so.
I've worked in software supply chain security for two years now and this is an extremely optimistic take. Nearly all organizations are not even remotely close to this level of responsiveness.