autonomous-review

SUSPICIOUS. The skill is purpose-aligned for autonomous PR review, but its footprint is high-risk because it combines untrusted PR/comment input, browser automation, shell execution, token-backed GitHub writes, and explicit approve/merge authority. Install trust is mostly acceptable for official tooling, and there is no clear exfiltration or malware behavior, but the autonomous real-world actions and prompt-injection surface make this a high-security-risk review skill.