act Local GitHub Actions Runner

Warn

Audited by Socket on Mar 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the core capability matches the stated CI/CD purpose, and upstream act is a real official tool, but the skill’s own installation path is a third-party transitive skill install unrelated to nektos. Risk is driven more by registry trust and local execution of arbitrary workflow steps than by evidence of credential theft or overtly malicious behavior.

Confidence: 84%
Severity: 61%

Audit Metadata
Analyzed At: Mar 28, 2026, 05:45 PM
Package URL: pkg:socket/skills-sh/agentskillexchange%2Fskills%2Fact-local-github-actions-runner%2F@bac5e63a5b0b76e98c5037dd7902f8c9bb03ec50