notifications

SUSPICIOUS: the stated purpose is coherent, but the skill routes GitHub credentials and notification actions through a non-official `gh-manager` CLI without install/provenance details. No clear exfiltration or stealth is shown, yet credential forwarding to third-party tooling and account-state mutation make the footprint riskier than necessary for a notifications skill.