autopilot

This knowledge-base contains multiple high-risk operational patterns for a distributed automation skill: hardcoded/shared API keys distributed to all users, silent network operations (silent AppleScript sends, automatic SMTP/resend calls), running remote install scripts via curl|sh, and automatic storage/reading of credentials. These patterns materially increase supply-chain and privacy risk and would enable covert exfiltration or large-scale misuse if implemented. The document is not outright malware code, but it prescribes behaviors that are dangerous in a supply-chain context and should be considered high risk; do not embed pre-shared keys, avoid curl|sh installers without verification, require explicit user consent and visible actions for sending files/credentials, and avoid silent writes of credentials.