ghp
Audited by Socket on Apr 16, 2026
4 alerts found:
Anomaly (4):
SUSPICIOUS: The skill's GitHub-issue bootstrapping purpose is coherent, but it relies on nonstandard `gh` extensions with unverifiable trust from the provided text and feeds untrusted issue/comments directly into an agent that can act on code and git state. No clear credential theft or off-platform exfiltration is shown, so this is not malicious, but it carries medium risk.
SUSPICIOUS: The task itself is coherent and limited to GitHub Project triage, but the skill's core dependency is a non-official `gh` extension from a personal GitHub account, which expands trust to third-party code operating with GitHub CLI credentials. There is no clear evidence of malware or exfiltration, but install/execution trust is weaker than the skill description suggests.
SUSPICIOUS: The skill's purpose and actions are broadly aligned with GitHub milestone automation, but it relies on non-core/extension gh commands whose provenance and data handling are not specified. That makes the main risk a medium trust and supply-chain issue rather than clear malicious behavior.
Mostly coherent GitHub automation using official `gh` commands, but the optional `gh pm` path introduces an unscoped third-party extension trust gap. Overall this is better classified as SUSPICIOUS than benign due to unspecified extension provenance and likely token-backed execution, though there is no clear evidence of malware or exfiltration.