diffity-resolve-tree

SUSPICIOUS: the skill’s behavior mostly matches its stated code-review purpose, but it depends on a not-clearly-verified external CLI and converts untrusted remote comments into code edits and remote actions. This looks more like a workflow skill with meaningful supply-chain and prompt-injection risk than outright malicious content.