pr-loop
Warn
Audited by Socket on Mar 21, 2026
1 alert found:
Security alert, MEDIUM severity, in SKILL.md
SUSPICIOUS. The GitHub-focused capabilities mostly match the stated PR automation purpose, and network traffic appears to go only to official GitHub endpoints via the official gh CLI. However, the skill is high risk because it enables autonomous commit/push/PR/reply actions in a polling loop, processes untrusted reviewer comments while retaining write/exec capability, and asks for overly broad permissions with an unsubstantiated TLS rationale. Not confirmed malware, but unsafe automation for an AI agent.
Confidence: 88%
Severity: 79%
Audit Metadata