code-review
Warn
Audited by Socket on Apr 1, 2026
1 alert found:
Category: Security
Severity: MEDIUM
File: SKILL.md
SUSPICIOUS: The skill’s core purpose is coherent, and its git/GitHub read operations are proportionate for code review. The main risk is delegation of repository diffs and context to an unverified `popcorn-xp:code-reviewer` agent, combined with classic indirect prompt-injection exposure from untrusted PR content. No clear credential harvesting, malicious exfiltration endpoint, or deceptive install chain is present in the skill text itself, but the unresolved reviewer-agent provenance keeps risk elevated.
Confidence: 84%
Severity: 72%
Audit Metadata