code-reviewer

SUSPICIOUS: the skill’s purpose is coherent, but it grants an autonomous agent high-leverage review behavior over untrusted repository content and loosely specified external/local tooling. Main concerns are indirect prompt injection and ambiguous tool provenance, not confirmed malware or credential theft.