github-issue-driven-dev

SUSPICIOUS: The skill’s capabilities mostly match its GitHub workflow purpose, and data flows stay on GitHub/local files. Main concern is the unverified optional global `codex-gh-workflow` binary plus the skill’s ability to autonomously create/push GitHub changes; without clearer provenance for that binary, risk is medium rather than benign.