review-all

SUSPICIOUS: the stated purpose is coherent for a review skill, but it relies on executing an unpinned external npm package with broad bunx permission and opaque downstream behavior. This is mainly a supply-chain and external-data-processing risk rather than confirmed malicious intent.