arch-council

SUSPICIOUS: the core debate/orchestration purpose matches the stated capability, and the CLI dependencies appear to be official. Risk comes from sending potentially sensitive multi-repo context to external model providers, processing untrusted repo content with prompt-injection exposure, and the optional skill self-update trust chain via `npx skills update`.