pr-create
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

The code/specification describes a legitimate automation/assistant for creating GitHub PRs, running local pre-flight checks, pushing draft PRs, monitoring GitHub Actions, and iteratively fixing CI failures. There are no direct indicators of malware or obfuscated malicious code. The primary security concern is the capability to autonomously modify and push repository code for 'obvious' fixes without explicit per-fix user approval — this is a supply-chain risk that should be explicitly controlled (opt-in, require review of diffs, or limit auto-fix to non-functional formatting changes). Also verify trustworthiness of TaskCreate/TaskUpdate/TaskList tooling and ensure the execution environment's gh credentials are protected. Overall: safe to use with operational safeguards and a policy requiring user consent for automatic code changes.

LLM verification: Functionally, the skill is consistent with its stated purpose (create PR, monitor CI, and fix issues). However, it authorizes potentially dangerous actions: installing dependencies, executing repository scripts, and autonomously modifying and pushing code. Those behaviors are legitimate for an automated PR/CI assistant but introduce significant supply-chain and operational risk if used without strict guardrails and user approvals for each code change or install. No explicit malicious code or obf