jules-review
Warn
Audited by Socket on Apr 20, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the GitHub posting behavior is aligned with the skill’s purpose, and gh itself is an official dependency, but the skill’s core review path depends on an unverified /council skill that receives full PR context and diff data. Combined with untrusted PR-content processing and the ability to post public reviews/comments, this creates medium risk despite no clear evidence of malware.
Confidence: 84%
Severity: 61%