devpilot-scanning-repos
Warn
Audited by Socket on May 4, 2026
1 alert found:
Security (MEDIUM): SKILL.md
BENIGN in stated purpose and data flow, but HIGH-CAUTION operationally: the skill is coherent for repo auditing and GitHub issue filing, with no suspicious installer or credential-routing behavior. Its main risk is that it combines broad ingestion of untrusted repository/docs content with command execution and autonomous GitHub mutations, creating meaningful indirect prompt-injection and action-abuse exposure.
Confidence: 89%
Severity: 72%