pr-review
Warn
Audited by Socket on Mar 16, 2026
1 alert found:
Anomaly (LOW): SKILL.md
The skill is purpose-aligned and uses mostly official tooling, but it is still risky because it instructs the agent to execute build/test commands on untrusted PR code and to take authenticated GitHub actions. This is best classified as SUSPICIOUS/HIGH-VULNERABILITY rather than malicious: no clear credential theft or covert exfiltration, but the review+execute combination is dangerous for an AI agent.
Confidence: 91%
Severity: 68%
Audit Metadata