fix-hard

SUSPICIOUS: the core bug-fixing purpose is legitimate, but the skill expands scope by dynamically activating other skills, incorporating untrusted internet research into a write-capable workflow, and enabling optional git push. This is not confirmed malware, but it carries medium risk due to transitive trust and prompt-injection exposure.