review-gemini
Warn
Audited by Socket on Apr 11, 2026
1 alert found:
File: SKILL.md
Category: Security
Severity level: MEDIUM
SUSPICIOUS. The stated purpose is simple code review, but the skill achieves it by downloading and executing an unpinned third-party package as its primary mechanism. That install/exec trust is disproportionate to the task, broad Bash(bunx:*) access is wider than needed, and any local Gemini credentials or repo contents may be exposed to code outside the official Gemini distribution path.
Confidence: 86%, Severity: 82%
Audit Metadata