diffity-review

The skill’s purpose and core capabilities are broadly aligned: it reviews diffs and posts comments through a dedicated review CLI. Risk comes from three factors: unverified external CLI installation, autonomous posting/browser actions, and prompt-injection exposure from untrusted diff and repository content while command execution remains available. Overall this is better classified as suspicious/medium-risk rather than malicious.