pr-review-expert
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill provides a comprehensive framework for PR reviews but includes high-risk instructions such as executing local tests (`npm test`, `pytest`) on untrusted code and utilizing sensitive API tokens (`JIRA_API_TOKEN`, `LINEAR_API_KEY`) via shell commands in SKILL.md. While these capabilities are aligned with the stated purpose, the inherent risk of Remote Code Execution (RCE) from malicious pull requests and the handling of secrets in a shell environment warrant a suspicious classification.
