review-driven-development
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill is mostly coherent with its stated issue-to-merge purpose and uses official GitHub/GitLab tooling, so there is no strong malware or installer abuse signal. The main risk is proportionality and data flow: it can autonomously modify/push code and may send full diffs to external AI reviewers, which is plausible for review automation but increases confidentiality and prompt-injection risk.
Confidence: 86%
Severity: 56%
Audit Metadata