try

SUSPICIOUS: the GitHub CLI/API usage is official and proportionate, but the skill's real function is to grant in-session authority to arbitrary remote SKILL.md content from any repo. The main risk is transitive trust and indirect prompt injection, not malware or credential exfiltration by itself.