red-team-review
Warn
Audited by Socket on Apr 3, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The core review-loop purpose is coherent, but the skill expands risk by bundling local context for external reviewers and by relying on an unverified context-bundler dependency. The largest concerns are unverifiable external-tool provenance and prompt-injection/exfiltration risk from sending bundled project data to browser/CLI reviewers with Bash and Write still available.
Confidence: 82%; Severity: 74%
Audit Metadata