update-rules
Audited by Socket on Feb 26, 2026
1 alert found:
Anomaly: This skill's functionality is consistent with its stated purpose: reading session context and repository rule files, extracting and categorizing learnings, and updating documentation. It does not include network downloads, credential harvesting, or remote exfiltration. The primary security concern is accidental persistence of sensitive or out-of-scope session content into long-lived repository files, together with the broad file access that generic Read/Edit/Grep/Glob permissions allow. Recommended mitigations: (1) limit read and edit scope to the explicit rules file paths; (2) filter session-derived content to redact secrets and PII before it is written; (3) require explicit user confirmation before changes or conflict resolutions are applied.
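The three mitigations above, as an added example that is not part of the Socket report or of the update-rules skill itself: a Python guard that resolves the requested path against a fixed allow-list of rules files (refusing traversal and absolute paths), scrubs common secret and PII shapes from session-derived text, and stages the result as a proposal that reaches disk only after explicit confirmation. The allow-list, the regex set, the sample session text and all function names are assumptions constructed for this illustration.

```python
"""Guarded write path for a session-to-rules-file updater.

Added illustration, not code from the update-rules skill or from Socket.
Assumptions (not stated on the page): the rules files the skill may touch
form a fixed allow-list of repo-relative paths, session text is scrubbed
with a conservative secret/PII filter before any write is staged, and
nothing reaches disk until a human confirms the staged proposal.
"""
import re
from pathlib import Path
from typing import Callable, Optional

# Assumed allow-list of rules files; the skill must never resolve outside it.
ALLOWED_RULE_FILES = ("CLAUDE.md", "docs/rules.md")

# Conservative shapes of secrets and PII that commonly leak from sessions.
# Every pattern is applied; the order only fixes the order of the findings.
SECRET_PATTERNS = (
    ("private-key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("aws-access-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("credential-assignment", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\s*[:=]\s*['\"]?[^\s'\"]{8,}")),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
)


def resolve_rules_path(repo_root: str, requested: str) -> Path:
    """Map a requested path onto the allow-list; refuse anything else.

    '..' segments and symlinks are resolved before the comparison, so
    'docs/../CLAUDE.md' is accepted (it names an allowed file) while
    '../../etc/passwd' or an absolute '/etc/passwd' is refused.
    """
    root = Path(repo_root).resolve()
    allowed = {(root / p).resolve() for p in ALLOWED_RULE_FILES}
    # Joining an absolute 'requested' discards root; the membership test
    # below still rejects the result because it is not in the allow-list.
    target = (root / requested).resolve()
    if target not in allowed:
        raise PermissionError(f"refusing to write {requested!r}: not an allowed rules file")
    return target


def path_is_in_scope(repo_root: str, requested: str) -> bool:
    """Boolean form of resolve_rules_path for callers that just want a check."""
    try:
        resolve_rules_path(repo_root, requested)
        return True
    except PermissionError:
        return False


def redact(text: str) -> tuple[str, list[str]]:
    """Replace secret/PII matches with labelled placeholders.

    Returns the scrubbed text plus the labels that fired, so the proposal can
    tell the user what was removed without echoing the values back.
    """
    findings: list[str] = []
    for label, pattern in SECRET_PATTERNS:
        text, hits = pattern.subn(f"[REDACTED:{label}]", text)
        if hits:
            findings.append(label)
    return text, findings


def stage_update(repo_root: str, requested_path: str, session_text: str) -> dict:
    """Build a proposal: scoped target, scrubbed content, nothing written yet."""
    target = resolve_rules_path(repo_root, requested_path)
    cleaned, findings = redact(session_text)
    return {"target": target, "content": cleaned, "redactions": findings}


def append_to_file(path: Path, content: str) -> None:
    """Default writer: append the approved content to the rules file."""
    with path.open("a", encoding="utf-8") as fh:
        fh.write(content)


def apply_update(proposal: dict, confirmed: bool,
                 writer: Optional[Callable[[Path, str], None]] = None) -> bool:
    """Write the proposal only after explicit confirmation; returns whether it wrote.

    'writer' is injectable so the decision logic can be exercised without
    touching the filesystem.
    """
    if not confirmed:
        return False
    (writer or append_to_file)(proposal["target"], proposal["content"])
    return True


# Constructed sample of session-derived text. The key and token use documented
# placeholder formats, not real credentials.
SAMPLE_SESSION = (
    "Learned: run `make lint` before every commit.\n"
    "Debug note: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "Reviewer was alice@example.com; token ghp_0123456789abcdefghijklmnopqrstuvwxyzAB\n"
    "PASSWORD=correct-horse-battery\n"
)

if __name__ == "__main__":
    proposal = stage_update("/srv/repo", "docs/../CLAUDE.md", SAMPLE_SESSION)
    print(proposal["content"])
    print("redacted:", proposal["redactions"])
    print("written:", apply_update(proposal, confirmed=False))  # refused without confirmation
```

Regex redaction is a lossy backstop, not a guarantee: it catches well-known credential shapes and obvious PII but will miss high-entropy strings with no recognisable prefix, which is why the confirmation step shows the user the scrubbed content and the list of what fired before anything is appended to a long-lived file.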