qodo-pr-resolver

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS. The overall purpose is coherent for a PR-resolution skill, and the named CLIs are proportionate, but the skill gives external Qodo review text direct influence over code edits and repository actions. The main risk is not obvious malware or credential theft; it is high-impact autonomous modification of code and PR state based on untrusted review content, with missing `providers.md` preventing full install-trust verification.

Confidence: 84%
Severity: 72%

Audit Metadata

Analyzed At: Mar 29, 2026, 07:41 AM
Package URL: pkg:socket/skills-sh/qwibitai%2Fnanoclaw-skills%2Fqodo-pr-resolver%2F@dbe628e2ef67018de64bdf891f804bc271e611ef