github-pr-reviewer
Warn
Audited by Socket on Apr 29, 2026
1 alert found:
Anomaly (LOW): SKILL.md
The skill is purpose-aligned and uses official GitHub tooling/endpoints, so it does not look malicious. However, it is a high-impact PR automation skill: it processes untrusted GitHub/repo content, may execute repository scripts, and posts review actions on the user's behalf, making it medium-high risk despite coherent design.
Confidence: 92%
Severity: 68%
Audit Metadata