go-code-review
Warn
Audited by Socket on Mar 29, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill's core review behavior is broadly aligned with its stated purpose and uses mostly legitimate developer tooling, but its footprint is wider than claimed: it enables Bash execution on untrusted repositories, reads repo-provided instructions, and grants Write/Edit/Skill tools despite asserting strict read-only review. This looks more like an overprivileged review operator than malware, with medium security risk driven by execution and permission scope rather than credential theft or exfiltration.
Confidence: 88%
Severity: 61%
Audit Metadata