pr-review
Audited by Socket on Mar 6, 2026
1 alert found: Obfuscated File

The skill's functionality aligns with a scope-focused PR review agent and is not overtly malicious. The primary risks are supply chain (unproven transitive modules with no provenance or version pinning), credential and permission misuse (the gh/glab platform CLIs run with whatever tokens are present in the environment), and excessive local file access if search paths are not narrowly scoped. Recommended mitigations:
(1) require documented provenance and pinned versions for every dependency and skill before granting execution rights;
(2) use least-privilege tokens for gh/glab and require per-action user confirmation for any write operation;
(3) restrict local file search paths and explicitly exclude common secrets directories;
(4) log and surface every remote action and every persisted knowledge capture for audit;
(5) perform a security review/audit of the transitive skills (pensive, sanctum, imbue, memory-palace, scribe) before enabling automation.
With these mitigations the skill can be used safely for focused PR reviews.
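One way to implement mitigations (2), (3) and (4) in the agent's own harness, as an added Python example. This is not code from the pr-review skill or from any of the transitive skills named above. It assumes the agent routes every gh/glab invocation through guard_cli() and every local file search through scope_paths(); the read-only subcommand allowlist, the excluded secrets locations, the PR_REVIEW_GH_TOKEN / PR_REVIEW_GITLAB_TOKEN variable names and the sample paths are all assumptions made for the example (GH_TOKEN and GITLAB_TOKEN are the variables gh and glab actually read).

```python
"""Guardrails for a scope-focused PR-review agent (added example, not the skill's code).

Assumptions: every gh/glab call goes through guard_cli(), every local search goes
through scope_paths(), and a dedicated least-privilege token is supplied in
PR_REVIEW_GH_TOKEN / PR_REVIEW_GITLAB_TOKEN (hypothetical names).
"""
import json
import time
from pathlib import PurePosixPath

# Subcommands treated as read-only (assumed allowlist; anything else is a write).
READ_ONLY = {
    "gh": {("pr", "view"), ("pr", "diff"), ("pr", "checks"), ("pr", "list")},
    "glab": {("mr", "view"), ("mr", "diff"), ("mr", "list")},
}
# Dedicated token variable -> variable the CLI actually reads (gh: GH_TOKEN, glab: GITLAB_TOKEN).
TOKEN_MAP = {"gh": ("PR_REVIEW_GH_TOKEN", "GH_TOKEN"), "glab": ("PR_REVIEW_GITLAB_TOKEN", "GITLAB_TOKEN")}
# Locations that commonly hold credentials (.git/config may embed tokens in remote URLs).
SECRET_DIRS = {".ssh", ".aws", ".gnupg", ".docker", ".kube", ".config/gh", ".config/glab", ".git"}
SECRET_FILES = {".env", ".netrc", ".npmrc", ".pypirc", "credentials", "id_rsa", "id_ed25519"}


class AuditLog:
    """In-memory audit trail: every remote action and its decision is recorded as JSON."""

    def __init__(self):
        self.records = []

    def record(self, kind, detail, decision):
        entry = {"ts": time.time(), "kind": kind, "detail": detail, "decision": decision}
        self.records.append(entry)
        return json.dumps(entry, sort_keys=True)


def _api_is_write(rest):
    """`gh api` / `glab api` mutate when a body flag is given or the method is not GET."""
    for i, arg in enumerate(rest):
        if arg in ("-f", "-F", "--field", "--raw-field", "--input"):
            return True
        if arg in ("-X", "--method"):
            return i + 1 >= len(rest) or rest[i + 1].upper() != "GET"
        if arg.startswith("--method="):
            return arg.split("=", 1)[1].upper() != "GET"
    return False


def is_write(argv):
    """Classify a gh/glab argv: True for writes, False for allowlisted reads. Fails closed."""
    tool, rest = argv[0], argv[1:]
    if tool not in READ_ONLY:
        raise ValueError(f"unsupported CLI: {tool}")
    positional = tuple(a for a in rest if not a.startswith("-"))
    if positional[:1] == ("api",):
        return _api_is_write(rest)
    # Unknown or oddly ordered invocations (e.g. global flags first) count as writes.
    return positional[:2] not in READ_ONLY[tool]


def guard_cli(argv, confirm, log):
    """Gate one CLI call: reads pass, writes need an explicit yes from `confirm`."""
    write = is_write(argv)
    if write:
        allowed = bool(confirm(" ".join(argv)))
        reason = "confirmed" if allowed else "denied by user"
    else:
        allowed, reason = True, "read-only"
    log.record("cli", argv, {"write": write, "allowed": allowed, "reason": reason})
    return allowed


def scoped_env(base_env, tool):
    """Minimal subprocess environment: drop inherited user tokens, pass only the dedicated one."""
    env = {k: base_env[k] for k in ("PATH", "HOME") if k in base_env}
    src, dst = TOKEN_MAP[tool]
    if src in base_env:
        env[dst] = base_env[src]
    return env


def _in_secret_dir(parts):
    for d in SECRET_DIRS:
        dp = PurePosixPath(d).parts
        if any(parts[i:i + len(dp)] == dp for i in range(len(parts) - len(dp) + 1)):
            return True
    return False


def scope_paths(candidates, allowed_roots):
    """Keep only paths under an allowed root that are not a known secrets location."""
    roots = [PurePosixPath(r) for r in allowed_roots]
    kept = []
    for c in candidates:
        p = PurePosixPath(c)
        if ".." in p.parts or not any(p == r or r in p.parents for r in roots):
            continue  # outside scope, or traversal that we refuse to normalise
        if p.name in SECRET_FILES or _in_secret_dir(p.parts):
            continue
        kept.append(c)
    return kept


if __name__ == "__main__":
    log = AuditLog()
    guard_cli(["gh", "pr", "diff", "42"], input, log)              # read: no prompt
    guard_cli(["gh", "pr", "comment", "42", "--body", "LGTM"], lambda cmd: input(f"run `{cmd}`? ") == "y", log)
    print(scope_paths(["/repo/src/app.py", "/repo/.env"], ["/repo"]))  # constructed sample
    print("\n".join(json.dumps(r) for r in log.records))
```

Point the agent's subprocess calls at scoped_env() so a user-wide GH_TOKEN or cloud credential in the parent environment never reaches the CLI, and treat the allowlist as the place to review when a new subcommand is needed rather than widening is_write().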