upgrade-v3

SUSPICIOUS: the core migration/editing behavior is coherent and same-org, but the skill’s footprint is broader than a typical refactor helper. Live verification reads local credentials, can trigger real external workflows, can invoke another skill, and may push/create GitHub PRs in the SDK repo. These behaviors are partially justified but materially increase trust and operational risk.