pr-resolution

SUSPICIOUS: the skill’s purpose is coherent, but it grants a background agent broad autonomous control over code changes, pushes, PR mutations, and CI remediation while acting on untrusted PR content. No clear credential theft or exfiltration is shown, so this is high operational risk rather than confirmed malware.