quality-gate

SUSPICIOUS: the skill’s core purpose is coherent for code review and refactoring, and it shows no clear credential theft or malicious exfiltration. The main risk is operational: it routes untrusted diff content through multiple reviewer agents/skills, then can auto-edit, commit, and push changes with limited user approval, while relying on unspecified sub-skill provenance.