biweekly-report

The skill’s purpose and visible capabilities mostly align with status-report generation, and GitHub access through gh is proportionate. However, it relies on an unverifiable local Slack-access script in the user’s home directory, which materially weakens install and execution trust and creates credential/data-handling risk. Overall classification: SUSPICIOUS due to the unverifiable dependency, not because the reporting workflow itself is inherently malicious.