github-project-management
Warn
Audited by Socket on Jun 14, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the GitHub management functionality is mostly aligned with the skill’s purpose, and `gh` usage is normal, but the skill delegates privileged project operations to third-party swarm packages executed via mutable `npx` commands from a different publisher. That creates medium supply-chain and delegated-access risk even without clear evidence of malware or explicit credential theft.
Confidence: 100%Severity: 60%
Audit Metadata