babysit-pr

SUSPICIOUS: the skill is coherent with its PR-babysitting purpose and uses official GitHub tooling, so install/data-flow trust looks mostly benign. The main risk is scope: it grants an AI agent autonomous repo actions over time—polling, reruns, code edits, commits, pushes, and public PR comments—based on untrusted PR and CI content, which is higher-risk than a read-only watcher.