resolve-reviews
Warn
Audited by Socket on May 5, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill’s purpose broadly matches its capabilities, but it gives an agent high-impact autonomous repo and GitHub actions while processing untrusted PR comments through an external CLI package. Main concerns are indirect prompt injection, autonomous push/reply behavior, and moderate supply-chain trust in `agent-reviews`.
Confidence: 84%
Severity: 68%