django-ticket-triage

This SKILL.md defines a triage workflow that is internally consistent with its stated purpose: fetching Trac tickets, searching duplicates, checking GitHub PRs via the gh CLI, optionally browsing a local clone of django/. The primary risks are operational (executing local scripts whose source is not included here) and the need for the user to authenticate gh (which uses the user's GitHub credentials). There are no indications in the SKILL.md of credential harvesting, unknown third-party proxies, download-and-execute chains, obfuscation, or direct exfiltration to attacker-controlled domains. Review or audit ./scripts/trac.py and ./scripts/forum.py before executing them in a sensitive environment. Overall assessment: low malicious intent but moderate operational supply-chain risk due to executing external scripts and requiring network access.