1. Why are the `Skill` and `RootSyncInvestigation` kinds separate CRDs rather than one combined resource with `spec.instructions` inline?
2. A skill ships with body text that names a destructive verb (`kubectl exec`) but `spec.requiresConfirmation` is set to `false`. What happens when it's applied to the cluster?
3. The safety triangle is three layers — RBAC at the API server, the controller's tool whitelist, and the output filter on `.status`. Which layer would block a skill that names a permitted verb (`kubectl get pods`) but uses it on an unexpected resource (pods in a namespace the controller has no business reading)?
4. For v1 of any new Investigation kind, the design rule is 'always decide-and-propose, never decide-and-act'. Why?
5. RootSync investigation is the right first Investigation kind to build for which reason?
6. Even with the full safety triangle in place, the cluster does NOT defend against three classes of risk. Which is one of them?
7. The investigation skill you write in L13 is valuable before the controller exists for which reason?
8. When should the controller's reconcile loop call the LLM?