skill-feedback
Warn
Audited by Socket on Apr 24, 2026
1 alert found:
Security
MEDIUM
SKILL.md
SUSPICIOUS. The core behavior is coherent: it gathers feedback and posts GitHub issues to the official target repo using GitHub's official CLI. The main concern is the anonymous path, which relies on a local unverified token-generation script and private key, then forwards the resulting credential to gh for external posting. That makes the skill high-risk from a credential-handling and trust perspective, though not clearly malicious.
Confidence: 84%
Severity: 78%