gitcode-issue-workflow

Pass

Audited by ClawScan on Apr 29, 2026.

Overview

The skill's instructions, required tools, and actions are coherent with an end-to-end GitCode issue-to-PR workflow, but there are a few security/usability notes around token handling and secret exposure you should consider before use.

This skill looks consistent with its stated purpose, but take care with secret handling before use:

1) Prefer using Authorization headers (Bearer) rather than placing access tokens in URL query parameters, since URLs can be logged.
2) Avoid echoing tokens into shells that will record them in history or expose them via process listings; paste tokens directly into secure prompts if possible.
3) Do not store tokens in plain files like MEMORY.md unless you understand how that file is protected — consider a secure credential store.
4) Verify you trust and install the gitcode CLI from an official release (the SKILL.md points to a GitHub repo) rather than arbitrary binaries.
5) Confirm the local repo path and review all diffs before committing/pushing.

If you want a stricter assessment, provide the exact MEMORY.md handling instructions or any hidden files the skill will read so I can evaluate whether the skill will access other local secrets.