ESLint Auto-Fix Pipeline

SUSPICIOUS. The stated ESLint purpose is benign and coherent, but the actual footprint centers on installing a third-party skill bundle through unpinned registry tooling, with an unverifiable relationship between the listed marketplace/publisher and the claimed official ESLint source. This is a supply-chain and transitive-trust concern rather than confirmed malware.