comet-hotfix

SUSPICIOUS: the skill's purpose is coherent for a bug-fix workflow, but its trust model is weak. It executes a locally discovered shell script, automatically performs code changes and commits, and depends on multiple transitive skill loads. No clear credential theft or external exfiltration is present, so this is not confirmed malware, but it carries medium security risk.