context-scope

Purpose and capability are mostly aligned: it scopes file annotations before editing. The main concern is install/execution trust because it executes an unpinned external npm CLI with unclear same-publisher verification; this is suspicious supply-chain exposure, not confirmed malware.