code-review

SUSPICIOUS: The main review behavior is coherent and locally scoped, with no credential or exfiltration flow. However, the embedded recommendation to install an external GitHub-hosted skill creates a transitive trust risk, and Bash permission is broader than the stated non-executing review purpose.