git-upstream-pr

The skill description is coherent and appropriate for its stated purpose of managing upstream PRs from a fork. It employs standard, auditable Git/GitHub CLI operations and interactive prompts without introducing credential leakage, covert data flows, or dangerous automation. While it enables potentially destructive operations if misused (e.g., cherry-picking, force-pushing, creating PRs across forks), these are normal for the workflow and are mitigated by user interaction and explicit parameters. Overall, the footprint is benign with respect to supply-chain security concerns in this context.