summon

SUSPICIOUS: the skill’s orchestration purpose broadly matches its lifecycle-management behavior, but it is a high-risk autonomous controller with broad action permissions, recursive skill delegation, untrusted GitHub-content intake, cron-based self-healing, and optional automatic PR merges. The main concern is not malware but disproportionate autonomous control and transitive trust.