pr-review
Warn
Audited by Socket on May 9, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s purpose matches its GitHub review capabilities and uses official first-party tools, so there is no strong malware or supply-chain signal. However, it grants an agent high-impact autonomous repository actions after consuming untrusted PR/issue content, making the overall security risk medium-high despite coherent purpose alignment.
Confidence: 90%
Severity: 68%
Audit Metadata