review-code

SUSPICIOUS: the skill is purpose-aligned for code review, but its footprint is moderately risky because it turns untrusted review/comment content into direct code edits and executes repo-defined test/lint commands. No obvious credential harvesting, exfiltration endpoint, or malicious install behavior is present.