implement-issue

SUSPICIOUS: the stated purpose matches GitHub workflow automation, but the footprint is elevated by a transitive dependency on a separate third-party skill, autonomous public/project-modifying actions, and prompt-injection exposure from external issue content. Not confirmed malicious, but high enough risk to require careful review before use.