mycelium

SUSPICIOUS: the intended capability—managing repository memory via git notes—is coherent and proportionate, and no credential theft or off-platform API routing is shown. However, the skill’s core functionality depends on an unverifiable local CLI (`mycelium.sh`) with no documented publisher, source, or release trail, so the install/execution trust is materially weak and drives the risk high.