uithub-fetcher
Warn
Audited by Socket on Apr 4, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The stated purpose is coherent, but the implementation relies on an unpinned third-party CLI that performs OAuth and may mediate GitHub access through non-official infrastructure. The main concerns are runtime supply-chain trust, credential forwarding to third-party code, and prompt-injection exposure from fetched repository content.
Confidence: 76%
Severity: 66%
Audit Metadata