autonomous-review
Warn
Audited by Socket on Mar 21, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill’s capabilities mostly match autonomous PR review, and the cited external tools are official. However, it enables consequential autonomous actions (approve/merge), processes untrusted repo comments/web content while able to execute commands and modify GitHub state, and uses an unpinned MCP install path. No clear credential theft or malicious exfiltration is shown, but the operational risk is high enough to warrant caution.
Confidence: 87%
Severity: 76%
Audit Metadata