push-pr

Benign overall. The skill's footprint is coherent with its purpose: it automates standard git/PR workflows without introducing credential harvesting, unverifiable binaries, or broad system access. The primary risks are operational (history rewriting, unintended pushes) rather than security/exfiltration risks. Recommend ensuring safeguards for destructive actions (e.g., prompt confirmations for branch rewrites, clear user prompts for stacked PR decisions) and verifying gh authentication scope to prevent unintended repository access.