stacksmith-review
Warn
Audited by Socket on Apr 4, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill's core review behavior matches its stated purpose, and there is no clear malware pattern, credential harvesting, or untrusted installer. The main risk is that it combines analysis of untrusted repo content with file-writing, Bash execution, subagent delegation, and autonomous auto-fix commits, which creates meaningful prompt-injection and unintended-change risk beyond a read-only review skill.
Confidence: 87%
Severity: 68%