simplify-pr-codex
Warn
Audited by Socket on Apr 11, 2026
1 alert found:
Security alert, MEDIUM: SKILL.md
SUSPICIOUS. The stated purpose is plausible, but the skill outsources its entire function to an unpinned third-party npm package executed via `bunx @latest` with Bash access and a forced 1-hour runtime. Without strong same-org verification and transparent data-flow limits, this is a high supply-chain and execution-trust risk disproportionate to a simple PR-simplification workflow.
Confidence: 86%, Severity: 81%