gh-pr-review-fix
Warn
Audited by Socket on Mar 19, 2026
1 alert found:
Security: MEDIUM
SKILL.md
SUSPICIOUS: the purpose and GitHub-focused capabilities mostly align, but the skill depends on an unverifiable local binary and allows autonomous commit/push. The data flow to GitHub is proportionate, yet the hard-coded opaque executable and write/exec loop make this a high security risk despite limited evidence of explicit malware.
Confidence: 86%
Severity: 72%
Audit Metadata