pr-security-review
Warn
Audited by Socket on May 9, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS: the skill’s purpose is coherent and its tooling/data flows stay within official GitHub channels, so it does not look malicious. However, it is high-impact because it combines untrusted PR content ingestion with autonomous write/push/comment/issue actions on a live repo, creating meaningful prompt-injection and action-abuse risk.
Confidence: 90%
Severity: 74%
Audit Metadata