resolve-pr-parallel

The skill's stated purpose (automatically resolving PR review threads) aligns with the actions described (fetching unresolved threads, editing files, committing, and resolving via GitHub API). However, it requires executing local shell scripts and gives automated subagents the authority to modify the repository and push commits. These behaviors are coherent with the purpose but raise supply-chain and autonomy risks: (1) running scripts from ${CLAUDE_PLUGIN_ROOT} can execute arbitrary code if that path is untrusted or writable, (2) using the gh CLI will use local credentials which could be misused if subagents are compromised, and (3) spawning parallel agents that autonomously commit and push increases the chance of large-scale unintended or malicious changes without human review. I assess low likelihood of explicit malware in the content provided, but a moderate-to-high operational security risk due to execution scope and autonomous pushes. Recommend restricting script sources, adding explicit permission and scope checks, requiring human review/approve before pushes, and limiting subagent filesystem and network capabilities.