github-auto-implement

SUSPICIOUS: the core GitHub automation purpose matches the capabilities and uses official GitHub tooling, so this is not indicative of credential theft or malware. Risk is driven by autonomous real-world actions and untrusted GitHub content being fed into code-changing workflows, plus reliance on unspecified companion skills.