pr-testing
Warn
Audited by Socket on May 5, 2026
1 alert found:
Security, MEDIUM: SKILL.md
SUSPICIOUS: The overall purpose is coherent for a PR-testing skill, and the Microsoft/Aspire install sources are plausibly official. However, the skill has a serious integrity flaw: it derives a shell install command from PR comments and executes it unchanged, creating a direct untrusted-content-to-shell path. Running PR-built binaries is in scope for testing, but combined with comment-driven command execution and raw GitHub installers, the skill carries medium-high security risk.
Confidence: 89%
Severity: 76%
Audit Metadata