address-code-review
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill is broadly aligned with code-review remediation and uses official tools, so install trust is acceptable. However, it mixes untrusted external review content with write access and outbound GitHub actions, and it instructs the agent to autonomously reply/resolve threads, creating medium security risk despite a legitimate purpose.
Confidence: 89%
Severity: 58%