Add sandboxed code execution egress review skill

[YfengJ]

/claim #2431

Summary

• add a dedicated sandboxed-code-execution-egress-review skill for code execution sandboxes, notebook/code runners, plugin runtimes, CI job sandboxes, and worker products
• cover default-deny egress, metadata/internal blocking, secret isolation, helper channel consistency, tenant/data boundaries, and observability/response
• add vulnerable and benign fixtures for unrestricted sandbox egress versus an allowlisted isolated sandbox
• update index.yaml and quote the existing ISO framework values so the index parses cleanly

Validation

• RED check before implementation: confirmed the skill file and index entry were missing
• ruby -ryaml -e 'idx = YAML.load_file("index.yaml"); files = idx.fetch("skills").map { |s| s.fetch("file") }; missing = files.reject { |p| File.file?(p) }; abort "missing files:\n#{missing.join("\n")}" unless missing.empty?; count = idx.fetch("meta").fetch("skill_count"); abort "skill_count #{count} != #{files.size}" unless count == files.size; puts "index ok: #{files.size} skills"'
• ruby -e 'Dir["skills/**/*.md"].each { |f| n = File.read(f).scan(/^```/).size; abort "#{f}: odd fenced code count #{n}" if n.odd? }; puts "markdown fences ok"'
• find tests -name '*.json' -print0 | xargs -0 -n1 jq empty && echo 'json fixtures ok'
• git diff --cached --check

Requested bounty tier: Intermediate ($350). Payment details can be provided privately after maintainer acceptance.