pr-watch

SUSPICIOUS: the skill’s GitHub-only data flow is coherent with its PR-watching purpose, and install trust is relatively low risk because it uses the official gh CLI and GitHub APIs. The main issue is disproportionate autonomy: it continuously monitors untrusted PR comments and can decide to edit code, reply publicly, and possibly push changes in the background without per-action user confirmation.