ship-pr
Warn
Audited by Socket on May 12, 2026
1 alert found:
Anomaly (LOW): SKILL.md
BENIGN overall for its stated PR-shipping purpose, but with a notable high-risk optional automation path: the compozy/CodeRabbit review loop can consume external review input and then auto-commit and auto-push changes. No obvious credential harvesting, hidden exfiltration, or suspicious installer behavior appears in the provided skill text.
Confidence: 84%
Severity: 66%
Audit Metadata