create-pr
Warn
Audited by Socket on Mar 1, 2026
1 alert found:
SKILL.md: Security, MEDIUM
This skill is functionally coherent with its stated purpose: creating a PR for a matched cart issue and updating a local marshroom state file. The primary risks are operational: it requires shell access and write permission to ~/.config/marshroom/state.json, permission to commit and push to the repository, and use of gh/git credentials already present on the system. There are no external download-execute patterns, no credential exfiltration endpoints, and no obfuscated or hidden network flows. Treat the skill as a privileged automation helper that should be run only with explicit user consent and appropriate local safeguards (review commits before pushing, ensure state.json is trusted).
Confidence: 85%, Severity: 75%
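The two local safeguards the audit recommends (make sure state.json is trusted, review commits before pushing) as a pre-flight script. This is an added example, not part of the create-pr skill or of Socket's audit output. It assumes only what the audit states: the state file lives at ~/.config/marshroom/state.json and the skill pushes the current branch with git. The file's schema is unknown here, so the script checks ownership, permissions and JSON syntax, not contents, and it never invokes the skill itself.

```sh
#!/bin/sh
# Pre-flight checks before letting the create-pr skill run. Added example,
# not the skill's own code or Socket's. Path taken from the audit text;
# the state file's JSON schema is assumed unknown, so only syntax is checked.
# Needs python3 (JSON parsing) and git (push review).

# Return 0 only if the state file looks trustworthy: a regular file owned by
# the current user, not group- or world-writable, and syntactically valid JSON.
check_state_file() {
  f="${1:-$HOME/.config/marshroom/state.json}"
  [ -f "$f" ] || { echo "state file missing or not a regular file: $f" >&2; return 1; }
  # find -user prints the path only when the owner matches the current user
  if [ -z "$(find "$f" -user "$(id -un)" 2>/dev/null)" ]; then
    echo "state file not owned by current user: $f" >&2
    return 1
  fi
  # find prints the path only when a group or other write bit is set
  if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
    echo "state file is group- or world-writable: $f" >&2
    return 1
  fi
  # Refuse rather than skip when parsing is impossible: an unverifiable
  # state file is exactly what the skill should not be fed.
  command -v python3 >/dev/null 2>&1 || { echo "python3 not found; cannot validate JSON" >&2; return 1; }
  python3 -m json.tool "$f" >/dev/null 2>&1 || { echo "state file is not valid JSON: $f" >&2; return 1; }
  return 0
}

# List the commits the skill would push: everything on HEAD that the configured
# upstream does not have. Fails when no upstream is set, so an empty listing
# never silently means "unknown".
pending_commits() {
  git rev-parse --abbrev-ref --symbolic-full-name '@{u}' >/dev/null 2>&1 || {
    echo "no upstream configured for the current branch" >&2
    return 1
  }
  git log --oneline '@{u}..HEAD'
}

# Usage, from the checkout the skill will push:
#   check_state_file && pending_commits
```

Both functions fail closed: a missing, foreign-owned, writable-by-others or unparseable state file and a branch with no upstream each stop the run with a message on stderr, which is the behaviour wanted from a gate in front of a helper that already holds gh and git credentials.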