open-pr
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Security (MEDIUM)
SKILL.md
The skill’s stated purpose is coherent, but its implementation is riskier than necessary because it downloads and executes an unpinned third-party helper package at runtime to perform a task that could be done with the official gh CLI directly. This is best classified as suspicious/high-risk supply-chain delegation rather than confirmed malicious behavior.
Confidence: 81%
Severity: 74%
Audit Metadata