review-pull-request

Warn

Audited by Socket on Feb 27, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill fragment is a documentation-driven PR review workflow description. It intentionally relies on standard GitHub CLI commands to fetch PR data and post reviews. There are no embedded executables, no hardcoded secrets, and no external data exfiltration patterns evident within the fragment itself. The data flows are consistent with a legitimate PR review tool: fetch PR details, analyze diffs/commits/CI, and post structured feedback via gh pr review. The footprint is coherent with its stated purpose and does not introduce apparent supply-chain or credential-harvesting risks in isolation. Overall risk is low-to-moderate due to reliance on user-authenticated CLI calls and potential operational misuse if not properly controlled, but no strong indicators of malicious behavior are present in the fragment itself.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At
Feb 27, 2026, 10:54 PM
Package URL
pkg:socket/skills-sh/pjt222%2Fdevelopment-guides%2Freview-pull-request%2F@3817868ce242909f113c01bdd48f6dfdf361a1b8