Security Review Workflow
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's instructions, inputs, and required capabilities align with a focused diff-based security review; it requests no installs, credentials, or unexpected privileges.
This skill appears coherent and safe in scope, but follow these precautions before enabling it:
(1) Provide only the minimal diff/changed-files and needed context; do not feed secrets or large private blobs to a third-party model.
(2) Prefer running reviews locally or within your trusted environment if code contains sensitive data.
(3) Verify the provenance/source before using in sensitive projects (the registry metadata shows an unknown owner and no homepage).
(4) Test on a non-sensitive branch/PR to confirm the agent's behavior and outputs match your expectations (it is aggressive about suppressing low-confidence findings).
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
