cmux-second-opinion

SUSPICIOUS: the core behavior is coherent with a second-opinion review skill, and there are no installer or obvious credential-theft patterns. However, it deliberately forwards local code/spec contents to another AI agent and launches that agent with approval-bypass flags, creating meaningful prompt-injection and delegated-action risk beyond a simple review helper.