gh-issue

SUSPICIOUS: The skill's core GitHub and repo-manipulation capabilities fit its stated purpose, and the main tooling appears official. The risk comes from autonomous public actions and from processing untrusted issue content while also having permission to edit code, run commands, and create PRs; the optional `uv run` recall step adds moderate execution trust risk but is not enough on its own to make the skill malicious.