research

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: The core purpose is legitimate and mostly aligned, and `gh api` is an official same-org tool. The main concern is data-flow and trust: research requests and possibly multiple provider API keys are routed through a third-party MCP omnisearch server from a personal GitHub account, creating credential-forwarding and prompt-injection risk disproportionate to a simple verification skill.

Confidence: 86%
Severity: 68%

Audit Metadata

Analyzed At: Mar 18, 2026, 01:22 PM
Package URL: pkg:socket/skills-sh/spences10%2Fclaude-code-toolkit%2Fresearch%2F@4fe975c0dffc189c333dc87d33f397db3fb85d6d