review-security
Warn
Audited by Socket on May 9, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill’s capabilities mostly match its stated purpose as a read-only security review workflow, and its tool references are proportionate and largely official. The main concern is that it operationalizes AI-driven security scanning over untrusted repository/PR content with shell access, creating meaningful indirect prompt-injection and offensive-use risk even without explicit exfiltration or malicious install behavior.
Confidence: 87%
Severity: 61%
Audit Metadata