code-reviewer
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The core review behavior is coherent and mostly local, with low install-trust risk because there is no remote download/execute chain. However, automatic background hooks for "self-improving-agent" and "session-logger" introduce opaque secondary execution and possible data retention/exfiltration that are not well-justified for a simple code-review skill, and the combination of untrusted PR/web content plus Bash access raises indirect prompt-injection risk.
Confidence: 87%
Severity: 58%
Audit Metadata