orchestrate

SUSPICIOUS: the visible stub is small and its stated purpose is plausible, but almost all real behavior is delegated to an unseen local workflow. Gemini CLI likely comes from an official source, yet the hidden workflow could materially expand command, credential, or network scope; MCP memory provenance is also unspecified. Risk is driven more by opacity and delegated execution than by confirmed malicious behavior.