help-me-review
Audited by Socket on Feb 27, 2026
1 alert found:
Malware: This skill's behavior is consistent with its stated purpose: splitting diffs, grouping hunks into reviewer-focused sections, generating an HTML review UI, and applying exported reviewer comments. There are no instructions to download or execute remote binaries, no network exfiltration endpoints, and no requests for unrelated credentials. The primary security consideration is the standard supply-chain risk of executing local Node scripts in <skill_path>/scripts without inspection — those scripts can perform arbitrary actions on the user's machine. I recommend reviewing the scripts' contents before running them and ensuring that the GH CLI and git are used with appropriate account context. Overall the skill is low risk but requires standard operational caution when executing local scripts.