to-issues
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The core behavior matches the stated project-management purpose, and GitHub/local modes are proportionate. Risk is mainly from the Baidu iCafe path depending on an externally named CLI whose official provenance was not established in the evidence; this creates a supply-chain trust gap, but there is no clear credential theft, hidden execution, or malicious data exfiltration.
Confidence: 100%
Severity: 60%