plan-issue-codex

Medium risk. The skill's purpose and capability are aligned, but it delegates all behavior to a third-party npm package fetched and executed at runtime with `@latest`, creating a real supply-chain trust issue without clear evidence of malicious intent.