vs-fix

SUSPICIOUS. The skill’s core capabilities broadly match its bug-fixing purpose, and its only explicit external API path is official GitHub CLI usage. However, the combination of fully autonomous repo modification, generic dependency installation, local transitive skill loading, and processing untrusted GitHub issue content while retaining write/exec powers makes the skill medium-high risk.