oh-pr-workflow

Warn

Audited by Socket on Apr 9, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the core capabilities mostly match an OpenHarmony PR workflow, and its main data flows go to official GitCode/OpenHarmony services. However, the skill has meaningful security risk because it can automatically execute a setup script, process untrusted PR content while editing code, and perform impactful repo actions including PR creation, CI-triggering comments, and force-pushes. This looks like a high-privilege automation skill with medium risk rather than confirmed malware.

Confidence: 84%
Severity: 61%

Audit Metadata
Analyzed At: Apr 9, 2026, 06:58 AM
Package URL: pkg:socket/skills-sh/openharmonyinsight%2Fopenharmony-skills%2Foh-pr-workflow%2F@fa4fc3d039be7e8b8be8f150b25def58a864b707