kata-add-issue

The skill implements local issue capture and optional GitHub syncing in a way that aligns with its stated purpose. There are no signs of obfuscation, hardcoded secrets, or supply-chain download-execute patterns. The primary security risks are accidental disclosure: committing sensitive planning content to the repository and uploading issue bodies to GitHub when github.enabled=true. These behaviors are expected for a sync feature but warrant user awareness and appropriate configuration (commit_docs flag, gitignore, and verifying gh authentication).