second-opinion

Fail

Audited by Socket on Feb 28, 2026

1 alert found:

Malware (HIGH)
File: SKILL.md

This skill's stated purpose, running external LLM-based code reviews on diffs, aligns with the actions it performs (generating diffs, assembling prompts, calling external CLIs). However, several supply-chain and data-exfiltration risks are present and exceed what a code-review helper strictly needs: it sends repository diffs and optional project files to third-party services, recommends installing third-party extensions from GitHub, and explicitly invokes Gemini with --yolo, which lets extensions run actions without confirmation. Together these create a high-risk profile for accidental leakage of secrets and for transitive execution of unvetted code. Treat the skill as suspicious in environments with sensitive data; mitigations should include redacting secrets from diffs before they are sent, requiring explicit user confirmation before extension actions, avoiding --yolo where possible, validating extension sources, and documenting exactly what data is sent to remote services.
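The mitigations the audit asks for (redacting secrets from the diff, keeping sensitive files out of it, refusing the auto-approve flag) as an added example of a pre-send filter. This is not code from the second-opinion skill or from Socket; the path globs, secret regexes, placeholder format and sample diff are constructed for illustration, and the only CLI flag it knows about is the --yolo flag the audit itself names.

```python
"""Pre-send filter for an external LLM code review: drop files that must never leave
the machine, redact known secret shapes from the diff, refuse the auto-approve flag."""
import fnmatch
import re

# Paths whose contents are never sent, whatever they contain (constructed list).
EXCLUDED_PATH_GLOBS = ["*.pem", "*.key", "*.p12", ".env", ".env.*", "secrets/*", "*/secrets/*"]
# Whole-match secret shapes; the label becomes the placeholder (constructed, conservative).
SECRET_PATTERNS = [
    ("AWS_ACCESS_KEY_ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("BEARER_TOKEN", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*")),
    ("PRIVATE_KEY_BLOCK", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----")),
]
# name = value / name: value for common secret names: keep the name, drop the value.
# Applied last so a typed match above is counted under its own label; '<' and '>' are
# excluded from the value so an already-inserted placeholder is never re-matched.
ASSIGNMENT_RE = re.compile(
    r"(?i)((?:api[_-]?key|secret|password|passwd|token)\s*[=:]\s*)(['\"]?)[^\s'\"<>]{8,}\2")
FORBIDDEN_FLAGS = {"--yolo"}  # lets the tool act without confirmation; named in the audit


def split_by_file(diff: str) -> list[tuple[str, str]]:
    """(new path, section text) pairs, split on 'diff --git' headers; order is preserved."""
    sections = []
    for part in re.split(r"(?m)^(?=diff --git )", diff):
        if part.strip():
            header = re.match(r"diff --git a/(\S+) b/(\S+)", part)
            sections.append((header.group(2) if header else "", part))
    return sections


def path_is_excluded(path: str) -> bool:
    return any(fnmatch.fnmatch(path, glob) for glob in EXCLUDED_PATH_GLOBS)


def redact_text(text: str) -> tuple[str, dict[str, int]]:
    """Replace each match with <REDACTED:LABEL>; returns the text and per-label counts.
    A multi-line key block collapses to one line, so hunk counts may stop adding up;
    that is fine for review input, not for a patch you intend to apply."""
    counts: dict[str, int] = {}
    for label, pattern in SECRET_PATTERNS:
        text, n = pattern.subn(f"<REDACTED:{label}>", text)
        if n:
            counts[label] = n
    text, n = ASSIGNMENT_RE.subn(r"\1\2<REDACTED:ASSIGNED_SECRET>\2", text)
    if n:
        counts["ASSIGNED_SECRET"] = n
    return text, counts


def residual_findings(text: str) -> list[str]:
    """Labels that still match after redaction; must be empty before anything is sent."""
    found = [label for label, pattern in SECRET_PATTERNS if pattern.search(text)]
    return found + (["ASSIGNED_SECRET"] if ASSIGNMENT_RE.search(text) else [])


def prepare_review_input(diff: str) -> tuple[str, dict]:
    """Drop excluded files, redact the rest, and refuse to hand back text that still leaks."""
    kept, excluded = [], []
    for path, section in split_by_file(diff):
        if path_is_excluded(path):
            excluded.append(path)
        else:
            kept.append(section)
    redacted, counts = redact_text("".join(kept))
    leftovers = residual_findings(redacted)
    if leftovers:
        raise ValueError(f"secrets still present after redaction: {leftovers}")
    return redacted, {"excluded_files": excluded, "redactions": counts}


def check_review_argv(argv: list[str]) -> list[str]:
    """Refuse to launch the review CLI with a flag that skips confirmation."""
    bad = sorted(set(argv) & FORBIDDEN_FLAGS)
    if bad:
        raise ValueError(f"refusing auto-approve flags: {bad}")
    return argv


# Constructed diff with the kinds of content a review helper would otherwise ship verbatim.
SAMPLE_DIFF = """\
diff --git a/src/config.py b/src/config.py
--- a/src/config.py
+++ b/src/config.py
@@ -1,2 +1,5 @@
 import os
-TIMEOUT = 10
+TIMEOUT = 30
+DB_PASSWORD = "hunter2hunter2"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+# curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnopqrstuvwxyz"
diff --git a/.env b/.env
--- a/.env
+++ b/.env
@@ -1 +1 @@
-STRIPE_KEY=sk_test_old
+STRIPE_KEY=sk_test_new
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -1 +1,6 @@
 #!/bin/sh
+cat > /tmp/deploy_key <<EOF
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7
+-----END PRIVATE KEY-----
+EOF
"""
```

Run `prepare_review_input(SAMPLE_DIFF)` and the returned report shows `.env` dropped whole and four redactions in the remaining text; note that the `STRIPE_KEY=` line in `.env` matches none of the regexes, which is why the path denylist sits in front of pattern matching rather than replacing it. `check_review_argv` is the last gate before the subprocess call: anything carrying --yolo is rejected rather than silently stripped, so the operator sees why the review did not run.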

Confidence: 85%
Severity: 75%
Audit Metadata
Analyzed At
Feb 28, 2026, 10:37 PM
Package URL
pkg:socket/skills-sh/lv416e%2Fdotfiles%2Fsecond-opinion%2F@9820a7b6e2128f664e74cb0896d8807a69965153