update-everything

Benign with elevated risk due to the use of external metadata endpoints for toolchain alignment (external JSON/XML feeds). No credential harvesting, no autonomous destructive actions, and the workflow adheres to a well-scoped dependency-update use case. The primary security consideration is ensuring external toolchain metadata are trusted and validated (checksums, signatures) where possible, and that any automated toolchain changes are reviewable in PRs. Overall, the skill footprint is coherent with its stated purpose and is proportionate in scope; maintain caution around external alignment sources and ensure proper vetting of any automated commit/push behavior.