signal-pr

SUSPICIOUS. The skill is coherent for GitHub PR automation and uses an official GitHub CLI/data path, so it does not look malicious or like credential harvesting. However, it enables immediate commit/push/PR actions without confirmation and references additional local skill logic not included here, making the overall behavior higher-risk than a passive helper.