fix-issue

SUSPICIOUS: the core workflow is plausibly legitimate for automated issue fixing, but the skill has broad execution authority, can take autonomous repo actions, chains to other skills, and includes a likely unofficial Bitbucket CLI path. This is not confirmed malware, but it exceeds low-risk workflow guidance and should be treated as medium risk automation with supply-chain and trust-boundary concerns.