update-supported-os

SUSPICIOUS: the skill is largely aligned with its stated repository-maintenance purpose and uses mostly official endpoints, but it relies on an unpinned external CLI from a personal GitHub Packages namespace and instructs clear-text package credential storage. This looks more like medium supply-chain and credential-handling risk than malware or clear exfiltration.