report-bug

The skill's footprint is coherent with its stated purpose: collect bug details, format a report, and submit to GitHub. Data handling is limited to user input and basic environment information; there is an expected dependency on gh authentication, but no evident credential harvesting or exfiltration. Overall risk is low to moderate (benign with caution around auth state).