dune-app-review

Warn

Audited by Socket on Apr 16, 2026

1 alert found:

Security: MEDIUM
SKILL.md

Suspicious. The stated purpose matches a Dune app review, and the GitHub source is plausibly official, but the skill delegates its real behavior to mutable remote markdown fetched at runtime and then executed as instructions with Shell/Write permissions. This creates medium-high security risk from remote instruction injection and unpinned trust, even without clear malicious intent.

Confidence: 89%
Severity: 72%

Audit Metadata

Analyzed At: Apr 16, 2026, 01:07 PM
Package URL: pkg:socket/skills-sh/cognitedata%2Fdune-skills%2Fdune-app-review%2F@46f5b6097497da52a41edfa10155f4ed2448d2a8