pr-review
Warn
Audited by Socket on Apr 27, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: the core PR-review behavior is legitimate and aligned with its purpose, and the official gh/glab tooling is coherent. The main risk comes from transitive skill dependencies plus processing untrusted PR content while retaining write/action capabilities, which creates meaningful prompt-injection and data-flow uncertainty. No clear credential harvesting or confirmed malicious behavior is present.
Confidence: 85%
Severity: 64%
Audit Metadata