security-review

Warn

Audited by Socket on Apr 26, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the stated purpose matches security review, but the skill is high risk because it gives an AI agent offensive security-audit capability, processes untrusted diffs while retaining execution/write/posting abilities, executes a repository-local shell script selected by glob, and invokes a second skill transitively. No strong evidence of credential theft or malware, but the capability and execution footprint are dangerous and internally inconsistent with the declared tool restrictions.

Confidence: 91%
Severity: 86%
Audit Metadata
Analyzed At: Apr 26, 2026, 10:57 AM
Package URL: pkg:socket/skills-sh/joaquimscosta%2Farkhe-claude-plugins%2Fsecurity-review%2F@5a3910fa563084bb647b4f443ac51d24081e94f8