oh-notes
Warn
Audited by Socket on Mar 30, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill’s core capabilities fit its stated purpose, and its primary data flows stay within GitHub/repo tooling. However, it grants an agent broad autonomous write actions (issue creation, commits, pushes, comment replies) while ingesting untrusted PR comments and invoking an external review tool, making it a high-impact automation skill rather than a benign documentation-style helper.
Confidence: 87%, Severity: 68%
Audit Metadata