research-lit

SUSPICIOUS: the core purpose is coherent, but the footprint is broader than needed and relies on unverified third-party MCP servers for access to private research notes and annotations. Main risks are overbroad Bash permission and indirect prompt-injection/data-routing exposure rather than confirmed malicious behavior.