planner

SUSPICIOUS. The core planning behavior is coherent and GitHub/Jira destinations are legitimate, but the Jira path materially increases risk: it sources raw credentials from local files and may execute an unverified local `jira-client.sh` helper or another skill. This is not confirmed malware, but the optional Jira integration makes the skill high-risk from an execution-trust and credential-handling perspective.