perform-security-review

SUSPICIOUS: the skill is purpose-aligned and uses official GitHub/local tooling, so it is not malicious or a credential-harvesting lure. However, it meaningfully increases agent capability by enabling offensive-style security analysis, loading additional skills transitively, and feeding untrusted diffs into multiple subagents with Bash/Write access, which makes it a high-impact but coherent security-review skill.