self-review-apply

SUSPICIOUS: the skill’s purpose broadly matches code-review application, but it gives an agent high-trust autonomy to turn untrusted XML review content into direct code edits and shell-driven actions. Main risks are XML-driven git command arguments and indirect prompt injection from review text/attachments, not supply-chain abuse or explicit credential theft.