epic-workflow

SUSPICIOUS: the core GitHub planning workflow is coherent and uses official git/gh tooling, but the skill is not fully benign because it chains into unspecified helper skills, reads broad repository content, and performs autonomous external actions (issue creation and branch push) without explicit per-action approval. Main risk is transitive trust and prompt-injection/autonomy exposure, not confirmed malware.