auto-skill-fit

SUSPICIOUS: the skill's purpose matches its behavior, but that behavior is inherently high-trust because it searches for and installs other agent skills. Official `npx skills` usage reduces concern, yet the transitive installation model and optional reliance on a third-party `find-skills` skill make this a meaningful supply-chain risk rather than a benign helper.