project-documentation
Warn
Audited by Socket on Apr 11, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: the core documentation behavior is proportionate and benign, but the mandatory check for and optional installation of a separate third-party skill introduces unnecessary transitive trust and supply-chain risk. The main concern is not documentation editing itself, but instructing the agent to fetch and load another skill from GitHub with broad inherited permissions.
Confidence: 90%
Severity: 68%