version-updates

SUSPICIOUS: purpose and capabilities are mostly aligned for version management, with no evident credential theft or exfiltration. Main concerns are transitive skill trust and execution of repo-local scripts/tests through Bash, which create moderate supply-chain risk disproportionate only if the surrounding plugin/repo is untrusted.