pr-ship

SUSPICIOUS: the skill’s actions largely match its stated PR-shepherding purpose, and data flows stay within GitHub/local tooling, but its footprint is high-impact. Default auto-merge, automatic workflow approval, and execution of branch-defined scripts make it risky for an AI agent even without signs of credential theft or covert exfiltration.