fetch-issue

SUSPICIOUS: the stated purpose is narrow and plausible, but the implementation relies on executing a third-party package at @latest through bunx instead of using gh directly. That creates disproportionate supply-chain trust for a simple read-only GitHub task; no clear exfiltration is shown, so this is risky rather than confirmed malicious.