review-demos

SUSPICIOUS. The core workflow matches the stated purpose, and most network endpoints are same-org psquared.dev services, but the skill is high-trust: it reads local secrets, consumes untrusted web content, and can autonomously publish agents, mutate CRM records, and run direct SQL updates. The main concern is overbroad write capability and prompt-injection risk rather than confirmed malware.