coding-agent

SUSPICIOUS: the skill’s purpose is coherent, but it gives local coding agents broad authority over repositories and GitHub actions, including dangerous no-approval modes and autonomous push/comment flows. Main risks are agent autonomy, exposure of repo/PR data to third-party CLIs, and prompt-injection hazards when reviewing untrusted PR content.