iterate-pr

SUSPICIOUS: the skill’s GitHub/PR capabilities align with its stated purpose and use official tooling, but it is high-risk because it enables fully autonomous recurring repository actions—editing code, committing, pushing, and posting on GitHub—without explicit per-action approval. The main concern is autonomy abuse and exposure to untrusted review/CI content, not malware or credential theft.