kata-review-pull-requests

SUSPICIOUS. The skill's core purpose matches PR review, and its GitHub CLI usage is proportionate, but it combines untrusted diff ingestion with subagent prompting, file modification, commits, issue creation, and optional PR merge. The biggest concern is indirect prompt injection from PR content leading to downstream actions; install-trust risk is moderate due to execution of unseen repo-local scripts, not external downloads.