workflow-review

SUSPICIOUS: the stated purpose matches a review workflow, but the skill delegates execution to undocumented slash commands from an unspecified framework and compels autonomous step execution. No direct exfiltration or credential harvesting is shown, yet install/execution trust is incomplete and the opaque command chain makes the skill medium risk.