github-review
Audited by Socket on Feb 28, 2026
1 alert found:
Security
The skill description is coherent: it outlines a plausible workflow for collecting context, performing a standards-based review, and publishing results on a PR. The required inputs/outputs and publish mechanisms are consistent with the stated purpose. Security posture is appropriate: it relies on standard GitHub authentication tokens and official CLI pathways (gh/ghx) without introducing external data sinks or custom executable downloads. No malicious data flows or credential exfiltration patterns are evident in the provided manifest. Potential operational risks are primarily around token permissions, proper handling of artifacts, and ensuring that publication does not reveal sensitive internal context beyond what is intended for code reviews. Overall, the skill appears benign and fit-for-purpose when used as described, with moderate risk related to credential scope and correct handling of context artifacts.