code-review
Warn
Audited by Socket on May 15, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: mostly coherent as a code-review skill, with no direct credential harvesting or exfiltration, but it has two notable risks disproportionate to a pure reviewer: it loads custom guidance from the untrusted PR branch and it encourages installation of another skill, creating a transitive trust chain. Same-org OpenHands references reduce maliciousness concerns, but prompt-influence and trust-extension keep the overall risk at medium.
Confidence: 89%
Severity: 58%
Audit Metadata