auto-review-loop

SUSPICIOUS. The skill’s purpose broadly matches its behavior, and there is no clear malware or deceptive installer pattern. However, it gives an AI agent broad autonomous Bash access, lets external reviewer output steer code and command execution, and repeatedly sends project context to a remote service. The main risk is overbroad autonomous execution and indirect prompt-injection exposure, not confirmed malicious intent.