review-github-pr
Warn
Audited by Socket on May 5, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the skill is purpose-aligned and mainly uses official GitHub tooling, but it reviews attacker-controlled PR content while also reading code and executing repo-defined validation commands. Its built-in mitigations and explicit confirmation before posting reduce risk, yet the combination of untrusted content plus command execution makes it a medium-risk review skill rather than fully benign.
Confidence: 88%
Severity: 58%
Audit Metadata