opencli-autofix

SUSPICIOUS: the skill’s purpose and capabilities mostly align, but it lets the agent process untrusted live website content and then autonomously edit local code and rerun commands. There is no obvious credential harvesting or off-platform exfiltration, so this is not malicious, but the read-external/write-local loop creates medium security risk.