github-pr-comments

SUSPICIOUS: the skill’s stated purpose is coherent, but it processes untrusted PR comments and diff content while granting write and command-execution capability. No clear credential harvesting or malicious exfiltration is shown, yet the hidden script and prompt-injection exposure make this a medium-risk agent skill.