resolve-pr-feedback
Warn
Audited by Socket on Apr 17, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill is broadly aligned with its stated PR-feedback purpose and uses official GitHub flows, but it grants high-impact autonomous write actions (commit/push/comment/resolve) and processes untrusted PR text while spawning downstream agents. The main concern is operational risk and transitive agent trust, not malware or credential theft.
Confidence: 87%
Severity: 62%
Audit Metadata