slo-investigate

SUSPICIOUS: The workflow is largely coherent for SLO investigation and uses proportionate read-only operations with official GitHub endpoints, but the central `gcx` CLI remains publicly unverifiable. That unresolved binary provenance triggers a high supply-chain risk floor, though there is no strong evidence of credential theft, proxying, or malicious intent in the skill itself.