follow-up-on-pr
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill is purpose-aligned for PR maintenance and uses official Git/GitHub flows, so there is little sign of malware or credential theft. However, it grants an AI agent high-impact autonomous capabilities—executing repo-defined commands, force-pushing branches, and posting/editing PR content based on untrusted PR data—so the operational risk is medium-to-high even though the data flow itself stays within expected GitHub boundaries.
Confidence: 89%
Severity: 66%
Audit Metadata