gh-agent-task

The skill’s purpose and GitHub-focused capabilities are broadly aligned, and the documented network destination is GitHub. However, the install target is an internal/unverifiable CLI extension that receives high-privilege GitHub tokens and can trigger autonomous repo changes, so this should be treated as suspicious/high-risk rather than benign.