review-ui

SUSPICIOUS. The core review purpose is plausible, but the skill combines a high-trust third-party GitHub install with explicit system-prompt interrogation and access to sensitive transcript/plan files. No clear attacker exfiltration endpoint is shown, so this is not confirmed malware, but the capability set is broader and riskier than a simple review UI should require.