qa-changes

Warn

Audited by Socket on May 8, 2026

1 alert found:

Security: MEDIUM
SKILL.md

Purpose is coherent for QA, but the operational footprint is high-risk: it has the agent read untrusted PR content, execute repo-defined setup commands, run the changed code, interact with services, and autonomously post a GitHub review. This is better classified as suspicious/high-risk QA automation than malicious intent.

Confidence: 89%
Severity: 78%
Audit Metadata
Analyzed At: May 8, 2026, 04:32 AM
Package URL: pkg:socket/skills-sh/openhands%2Fskills%2Fqa-changes%2F@350f5d613a6d9d05ab6a4fc0adfaf9a62249e21e