security: remove supply chain risks, external promotions, and unauthorized credits

- Remove zenith.chat references and @DRodriguezFX shoutout from README
- Remove Inspiration Credits section (already in CHANGELOG.md)
- Remove awesome-agent-skills reference from Links
- Remove Plankton H3 section by @alxfazio (skill stays in skills/)
- Remove brand names (InsAIts, VideoDB, Evos) from v1.9.0 notes
- Remove @ericcai0814 individual credit from README (kept in CHANGELOG)
- Add Security Guide to Links section
- Replace curl-pipe-to-bash in autonomous-loops with review warning
- Replace git clone in plankton-code-quality with review warning
- Replace pip install git+ in agent-eval with review warning
- Replace npm install -g in dmux-workflows with review warning
- Add commercial API notice to nutrient-document-processing
- Remove VideoDB maintainer credit from videodb skill
- Replace skill-creator.app link with ECC-Tools GitHub App reference

skills/plankton-code-quality/SKILL.md

@@ -72,12 +72,9 @@ A PreToolUse hook on Bash blocks legacy package managers:
 
 ### Quick Start
 
-```bash
-# Clone Plankton into your project (or a shared location)
-# Note: Plankton is by @alxfazio
-git clone https://github.com/alexfazio/plankton.git
-cd plankton
+> **Note:** Plankton requires manual installation from its repository. Review the code before installing.
 
+```bash
 # Install core dependencies
 brew install jaq ruff uv