agkan-add

SUSPICIOUS: the workflow itself is coherent for backlog task creation and does not request excess credentials or exfiltrate data, but it relies on an unverifiable external agkan binary with unclear provenance. That supply-chain gap is the main risk; absent stronger evidence of official ownership or signed releases, this should not be treated as fully benign.