validate-pr

Warn

Audited by Socket on Feb 27, 2026

1 alert found:

Security (MEDIUM)
SKILL.md

This skill's behavior matches its stated purpose: it reads Marshroom state, inspects the local git branch and GitHub PR metadata via the gh CLI, validates naming/body/status conventions, and suggests fixes. There are no downloads, no third-party proxies, no obfuscated code, and no evidence of credential exfiltration. The main security considerations are that (1) it reads a local state file (~/.config/marshroom/state.json) which could contain sensitive data depending on Marshroom's design, and (2) it suggests gh pr edit commands which, if executed by the user, will perform writes on GitHub using the user's credentials. Those behaviors are proportionate to a PR-validator skill but warrant user caution before running suggested edit commands. Overall I find no malicious activity, but a moderate operational risk because the skill interacts with local state and proposes remote changes.

Confidence: 75%
Severity: 75%
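As an added example (not the skill's code, nor Socket's), the following script illustrates the pattern the audit describes: pull the current PR's metadata with `gh pr view --json`, check it against conventions, and emit a `gh pr edit` command for the user to review instead of executing it. The naming and body rules are hypothetical stand-ins for whatever Marshroom actually enforces, and the sample PR is constructed. The detail worth copying is that PR titles and bodies come from GitHub and are untrusted input, so the suggested command is shell-quoted before it is shown; a pasted suggestion then does exactly what it displays.

```python
"""Dry-run PR convention check: read PR metadata, report findings, propose a fix.

Added example with hypothetical conventions; it is not Marshroom's validate-pr.
"""
import json
import re
import shlex
import subprocess
from typing import Dict, List, Optional

# Hypothetical conventions used for illustration only.
TITLE_RE = re.compile(r"^(feat|fix|chore|docs|refactor|test)(\([a-z0-9-]+\))?: \S.+$")
BODY_REQUIRED_SECTIONS = ("## Summary", "## Test plan")
ALLOWED_STATES = ("OPEN",)

# Constructed sample shaped like `gh pr view --json title,body,state` output.
# The title deliberately contains shell metacharacters to show why quoting matters.
SAMPLE_PR = {
    "title": "Fix the login bug $(id)",
    "body": "## Summary\nFixes login.",
    "state": "OPEN",
}


def fetch_pr(number: Optional[int] = None) -> Dict:
    """Read-only query of the PR for the current branch (or a given number) via gh.

    This is the only place the script touches the network, and it never writes.
    """
    cmd = ["gh", "pr", "view", "--json", "title,body,state"]
    if number is not None:
        cmd.append(str(number))
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def validate_pr(pr: Dict) -> List[str]:
    """Return human-readable findings; an empty list means the PR is compliant."""
    findings: List[str] = []
    if not TITLE_RE.match(pr.get("title", "")):
        findings.append("title does not match '<type>(scope)?: description'")
    body = pr.get("body") or ""
    for section in BODY_REQUIRED_SECTIONS:
        if section not in body:
            findings.append(f"body is missing required section {section!r}")
    state = pr.get("state")
    if state not in ALLOWED_STATES:
        findings.append(f"PR state is {state!r}; expected one of {ALLOWED_STATES}")
    return findings


def suggest_fix(pr: Dict) -> Optional[str]:
    """Build a `gh pr edit ...` command string for the user to review.

    The command is returned as text and never executed here: performing the
    write on GitHub with the user's credentials is left to the user.
    """
    edits: List[str] = []
    title = pr.get("title", "")
    if not TITLE_RE.match(title):
        # Propose a conventional prefix; the user decides whether "fix" is right.
        edits += ["--title", f"fix: {title}"]
    body = pr.get("body") or ""
    missing = [s for s in BODY_REQUIRED_SECTIONS if s not in body]
    if missing:
        edits += ["--body", body.rstrip("\n") + "".join(f"\n\n{s}\n" for s in missing)]
    if not edits:
        return None
    # shlex.join quotes each argument, so untrusted PR text (e.g. "$(id)" in a
    # title) is passed literally if the user pastes the suggestion into a shell.
    return shlex.join(["gh", "pr", "edit", *edits])


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in fetch_pr() to run live.
    pr = SAMPLE_PR
    for finding in validate_pr(pr):
        print(f"- {finding}")
    fix = suggest_fix(pr)
    print("Suggested (review before running):" if fix else "No changes needed.")
    if fix:
        print(f"  {fix}")
```

When run against the sample, the script reports the non-conventional title and the missing "## Test plan" section and prints a single-quoted `gh pr edit` line; the `$(id)` in the title stays inert inside the quotes. Replacing `SAMPLE_PR` with `fetch_pr()` makes the read step real while still leaving every write to an explicit user action.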
Audit Metadata
Analyzed At
Feb 27, 2026, 09:49 PM
Package URL
pkg:socket/skills-sh/vkehfdl1%2Fmarshroom%2Fvalidate-pr%2F@3b0459f865161596ba14ae85d2ef70c7ff13511a