react-guard

The skill is mostly aligned with its stated React review purpose, but it is not self-contained: it tells the agent to load six other skills, which introduces a meaningful transitive trust risk. Absent credential access, external installs, or suspicious network routing, this is better classified as suspicious-by-design due to skill chaining rather than malicious.