recover

SUSPICIOUS. The core behavior mostly matches a context-recovery skill and local file/git access is proportionate, but the optional helper CLI ecosystem introduces medium supply-chain and data-flow uncertainty. The install guidance for `ao` and `gt` does not match verified upstream docs, and the skill can forward project context to `ao` services via lookup/metrics/codex commands. This is not clearly malicious, but the dependency trust and outbound context flow are inconsistent enough to warrant caution.