review-bugs
Warn
Audited by Socket on Feb 15, 2026
1 alert found:
Anomaly (LOW): SKILL.md
This 'review-bugs' skill is coherent with its stated purpose (read-only code review) and does not contain overtly malicious instructions or hidden network endpoints. The main operational concern is that it requires running git and reading repository files; if executed by an untrusted agent implementation or in an environment without sandboxing, sensitive repository contents could be exposed. Recommendation: ensure the agent runs with least privilege and in a sandboxed execution environment, and that logging and export of reports are controlled. No direct malware or credential-harvesting behavior is present in this skill file.
Confidence: 80%
Severity: 28%