codemod-gen

SUSPICIOUS: The stated purpose is coherent, but the skill asks users to execute an unverified npm CLI with `npx`, provide an OpenAI API key, and likely send code/context to an unspecified external AI backend. This is not fundamentally incompatible with a codemod generator, but install trust and data-flow transparency are incomplete, so risk is medium rather than benign.