workon

SUSPICIOUS: the skill’s purpose is coherent, but it grants an agent autonomous issue/repo workflow actions and forwards untrusted issue content into another agent’s instruction channel, creating meaningful prompt-injection and automation risk. No clear credential theft or overt exfiltration is shown, so this is not malware, but it is a medium-to-high risk orchestration skill.