async-pr-review
Warn
Audited by Socket on Mar 13, 2026
1 alert found:
Alert type: Anomaly
Severity: LOW
File: SKILL.md
SUSPICIOUS: the skill's core behavior matches asynchronous PR review, and the Gemini dependency appears to be an official Google tool rather than an unknown payload. The main risk is proportional but real: untrusted PR content is analyzed by an external LLM service and the workflow can run background checks autonomously, so private code exposure and prompt-injection-style influence are the primary concerns.
Confidence: 80%
Severity: 52%
Audit Metadata