spark-recipe-invitation-manager

SUSPICIOUS: the functional scope is coherent and read-only, but the skill depends on an unverified `spark` CLI and an unseen `use-spark` base skill. No direct credential harvesting or exfiltration is evident here, yet the required execution surface is not publicly verifiable, so the overall risk remains high on supply-chain/trust grounds rather than confirmed malicious behavior.