PAIUpgrade

SUSPICIOUS: the core purpose is plausible, but the footprint is broader than necessary and includes a mandatory silent localhost POST, extensive personal-context file access, and unverified internal script execution. Official CLIs reduce pure supply-chain concern, yet the undocumented local notification endpoint and prompt-injection-prone external research make this a medium/high-risk skill rather than a benign documentation helper.