complete-pr
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Anomaly (LOW): SKILL.md
Suspicious. The stated purpose matches GitHub-focused capabilities, and `gh` itself is legitimate, but the skill grants broad autonomous repository actions and relies on multiple unspecified external skills for privileged operations. Main concerns are transitive trust, prompt-injection exposure from PR content, and repeated remote actions rather than clear malware behavior.
Confidence: 82%
Severity: 69%
Audit Metadata