bmad-os-review-pr

SUSPICIOUS. The skill’s core purpose is coherent for PR review and its GitHub data flows are proportionate, but it materially increases risk by checking out untrusted PR code, processing untrusted diff content with powerful agent capabilities, and delegating work to another skill. Not malware, but medium security risk due to prompt-injection and transitive-trust exposure.