code-review

Warn

Audited by Socket on Apr 3, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The core review behavior fits the stated purpose, but the optional `--multi` path exports code-review content to unspecified external advisor infrastructure, and several invoked tools are custom/undocumented with unverifiable provenance from the skill text alone. This is not fundamentally malicious, but it has medium risk due to external data flow and trust ambiguity around helper commands.

Confidence: 82%
Severity: 61%

Audit Metadata
Analyzed At: Apr 3, 2026, 05:36 PM
Package URL: pkg:socket/skills-sh/nielsmadan%2Fagentic-coding%2Fcode-review%2F@4d0728482adff21f9ae1b221e5c152ad5f096627