review-session

SUSPICIOUS: the stated purpose is coherent, but the skill relies on third-party GitHub-installed plugins, executes plugin-provided local code, and delegates transcript processing to another agent. The main risk is transitive trust and prompt-injection surface from untrusted transcript content, not clear malware or credential theft.