issue-to-implementation
Fail
Audited by Socket on Mar 18, 2026
1 alert found:
Malware (HIGH): SKILL.md
SUSPICIOUS: the core GitHub issue-to-PR purpose is coherent, and data flows stay mostly within official GitHub tooling, but the skill is high-impact for an AI agent because it combines untrusted external issue/comment content with local file modification, command execution, and autonomous remote writes (push/PR creation). This is not confirmed malware, but it is a medium-high risk agent skill due to indirect prompt-injection and real-world action potential.
Confidence: 88%
Severity: 69%