paper-reviewer

SUSPICIOUS. The main peer-review guidance is benign, but the optional figure-generation path introduces an unverifiable local script and forwards Gemini credentials to it. That dependency is not necessary for the core purpose and materially increases supply-chain and credential-exposure risk.