warden-sweep

Mostly aligned with its stated code-review purpose, but it is high-impact automation: it scans all repo content, invokes subagents on untrusted code, writes files, pushes branches, and opens GitHub issues/PRs. This looks more risky than malicious; the main concerns are autonomous repository actions and prompt-injection exposure from full-repo processing, not credential theft or covert exfiltration.