subagent-review

SUSPICIOUS. The skill’s stated purpose matches code/design review, and its tool/data flows mostly align with that purpose, using official GitHub and local git commands. The main security issue is that it force-feeds untrusted PR/issue/repo content into 10 parallel subagents, including `codex exec` with workspace-write, creating significant indirect prompt-injection and agent-execution risk. No clear credential harvesting, malicious exfiltration endpoint, or deceptive install path is present.