address-github-issue

SUSPICIOUS: the skill’s GitHub access and `gh` installation path are internally consistent and mostly benign, but the overall footprint is high-risk because it turns untrusted GitHub issue/comment content into autonomous code-writing, command execution, file updates, and multi-agent coordination without explicit per-action approval. The main concern is indirect prompt injection and autonomous repository modification, not credential theft or malicious installer behavior.