create-pr

The skill is coherently scoped: it analyzes local git state, optionally uses a PR template, and creates a PR via the official GitHub CLI. Data flows are appropriate for its stated purpose with no evident credential harvesting or external data exfiltration. The main risks are around reliance on branch naming/commit messages for ticket IDs and ensuring gh is properly authenticated; these are manageable and align with a legitimate developer workflow. Overall, the footprint is benign and proportionate to its purpose, with minor hardening opportunities to improve robustness.