gather-plan-apply

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] [Documentation context] Backtick command substitution detected

The best-supported report is Report 2, which cleanly documents the GPA workflow with minimal assumptions and clearly defined batching rules. An improved synthesis emphasizes the protocol's governance nature, its reliance on trusted tooling, and explicit loop-trigger conditions, while noting external tooling provenance as the principal risk. Overall, the GPA specification is benign and effectively communicates disciplined, batched operations for AI-assisted software analysis tasks.

LLM verification: [LLM Escalated] This file is a policy/specification that instructs an AI agent to perform high-impact operations (repository discovery, batched edits, and running commands that install packages). It does not contain explicit malicious code or obfuscated payloads, but it permits actions that create real supply-chain and integrity risks (notably unpinned npm installs and automated write/exec operations). Recommend treating APPLY-phase operations (precision_exec/npm install and precision_write/precision_edit) as h

Confidence: 78%
Severity: 75%
Audit Metadata
Analyzed At
Feb 21, 2026, 01:15 PM
Package URL
pkg:socket/skills-sh/mgd34msu%2Fgoodvibes-plugin%2Fgather-plan-apply%2F@d6439eced6186d1620efbb6876bb272307de4754