hunk-review

SUSPICIOUS due to install/execution trust: the skill is coherent and locally scoped for interactive diff review, but it depends on an unverifiable `hunk` CLI/local daemon whose official provenance was not established in the provided evidence. No clear credential theft, remote routing, or exfiltration is described, so this looks like a trust/supply-chain concern rather than confirmed malware.