workflow-review-changes

SUSPICIOUS: the skill’s purpose is coherent for code-review automation, and it shows no external installer or credential-harvesting path. Risk comes from broad autonomous orchestration, recursive delegation to many other unverified slash-workflows, and prompt-injection exposure from reviewing attacker-controlled repo content before taking write actions.