vs-ship-it

Mostly coherent PR automation for GitHub repos using standard `git` and official `gh` flows. Main concerns are autonomous repo actions, session-context disclosure into PR text, and transitive trust in another skill; this is better classified as suspicious/medium-risk than malicious.