dev-ship

SUSPICIOUS: the skill’s core behavior aligns with autonomous GitHub development, and its tools/endpoints are mostly official. The main risk is not credential theft or covert exfiltration, but broad autonomous action plus transitive skill invocation and untrusted issue/review content combined with code execution and GitHub write access.