bugfix

This skill is mostly coherent with a bug-fixing purpose, but its trust surface is larger than the description suggests: broad local execution rights, reliance on an external hoyeon-cli with no provenance here, and delegation to other skills for implementation/QA. No clear credential theft or exfiltration is shown, so this is better classified as suspicious/high-risk workflow design rather than malicious.