github-triage

SUSPICIOUS. The overall purpose is coherent for GitHub triage, but the operational core depends on an undocumented, unverifiable `gh-tool` and a transitive `agent-tools` skill. Because that CLI likely receives GitHub credentials and can perform write/merge actions, the skill carries high security risk even without explicit evidence of malware or exfiltration endpoints.