fix-linting-types-on-pr

Warn

Audited by Socket on Mar 24, 2026

1 alert found:

Security: MEDIUM
SKILL.md

SUSPICIOUS: the stated purpose is coherent, and the named tools are official, but the skill is high-risk because it checks out attacker-controlled PR code (including forks), runs project install/build commands on that code, edits files, and pushes results back using the user's credentials. The main issue is unsafe execution of untrusted PR content plus write-back capability, not overt malware or credential harvesting.

Confidence: 92%
Severity: 76%
Audit Metadata

Analyzed At: Mar 24, 2026, 04:11 PM
Package URL: pkg:socket/skills-sh/storybookjs%2Fstorybook%2Ffix-linting-types-on-pr%2F@f9f43a17af26b588d3567b2d909586ec0dc45f02