pr-fix

SUSPICIOUS. The core capabilities align with a PR-fixing skill and data stays within GitHub/project tooling, but the skill grants an agent high-impact autonomous GitHub actions and executes unpinned package-runner commands. This is not confirmed malware, yet it is a meaningful operational and supply-chain risk for an AI agent.