flow-next-opencode-impl-review

SUSPICIOUS: the skill’s review purpose is coherent, but its actual footprint depends on a bundled repo-local flowctl executable and an externally trusted rp-cli/backend path that are not well verified here. Code is also sent to outside review systems, and the skill supports an autonomous fix/commit/re-review loop. Main concern is install/execution trust rather than confirmed malicious intent.