update-pr
Warn
Audited by Socket on Apr 23, 2026
1 alert found:
Category: Security
Severity: MEDIUM
File: SKILL.md
SUSPICIOUS: the skill's stated purpose is legitimate and its repo/GitHub access is proportionate, but it achieves this by executing an unpinned third-party npm package via bunx @latest. That creates a meaningful supply-chain and possible credential-forwarding risk because remote code receives PR content and may operate with GitHub auth, even though no explicit malicious endpoint or confirmed exfiltration is shown.
Confidence: 84%
Severity: 74%
Audit Metadata