replicate-issue
Warn
Audited by Socket on Apr 11, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill’s overall purpose is coherent for bug reproduction, and its external tools appear to be official or same-org. The main risk is that it reads untrusted GitHub issue content/comments and then uses that content to drive shell commands, browser automation, and local API actions, which creates an indirect prompt-injection pathway. Process-killing and branch-pulling are impactful but still proportionate to the stated task. No clear credential harvesting or external exfiltration is present.
Confidence: 86%
Severity: 58%
Audit Metadata