github-automation

SUSPICIOUS: The skill’s capabilities match its GitHub automation purpose, but all access is routed through Composio/Rube’s third-party MCP and managed OAuth layer rather than directly to GitHub. That intermediary data flow is the main concern, along with broad high-impact GitHub actions and exposure to untrusted repo content; this is not confirmed malware, but it is a medium-to-high risk integration skill.