smart-bug-fix

The skill’s capabilities are broadly aligned with its debugging purpose, but it carries medium security risk because it executes third-party tooling via `npx`, sends repository context to multiple external model services, and allows automated code modification. This looks more like a high-risk automation workflow than a malicious skill.