cmd-setup-phoenix-duskmoon

SUSPICIOUS: the core Phoenix/DuskMoon setup actions are broadly aligned with the stated purpose, but the skill meaningfully exceeds a simple local setup by instructing transitive use of other skills and allowing autonomous GitHub issue creation. Dependency installs are expected and not inherently malicious, but the combination of transitive trust and public-posting behavior makes this medium risk rather than benign.