feat: add rules for npx commands + command substitutions

[sarahxsanders]

Changes

adds three new rules:

• supply_chain_npx_auto_confirm: catches npx/dlx/bunx with --yes/y or yes | (silent package execution) as critical/block
• supply_chain_npx_in_skill: catches any npx/dlx/bunx invocation, with the belief that a trusted skill shouldn't tell an agent to install packages, high/warn
• exfiltration_command_substitution_in_url: catchs curl/wget with $(...) or backtick command substitutions for data exfil via URL params or POST body, critical/block

these rules catch a real attack pattern found on skills.sh where a skill silently installs a second malicious skill via npx --yes, which then exfiltrates machine identity to an attacker-controlled domain via command substitution in a curl URL >.<

Test plan

• Existing tests pass (pnpm test)
• Build succeeds (pnpm build)
• For new rules: added a positive-match test (content that should match)
• For new rules: added a negative-match test (similar content that should not match – guards against false positives)
• scanned https://skills.sh/roin-orca/skills/fun-brainstorming and it works