Github Collab

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill bundle provides a comprehensive framework for GitHub collaboration but contains high-risk execution patterns and vulnerabilities. Specifically, `src/scripts/main.js` and `src/scripts/scheduler.js` utilize `child_process.execSync` with unsanitized variables in template literals (e.g., repo names and task titles), creating a significant shell injection surface. Additionally, `src/db/config-sync.js` implements a self-modifying code pattern by programmatically overwriting `src/agent-addresses.js`. While these behaviors are functionally aligned with the stated purpose of GitHub automation, the combination of shell execution risks and source code modification is inherently risky.