team-update

SUSPICIOUS. The stated purpose matches the workflow, and there is no installer or obvious credential-harvesting behavior. The main concerns are wildcard tool permissions and prompt-injection exposure from reading untrusted external chat/issues while retaining broad action capability. External actions are approval-gated, which lowers but does not remove the risk.