code-refinement

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The modules/insight-generation.md module constructs and executes a Python script via python3 -c using shell variable interpolation for fields like $SUMMARY and $EVIDENCE. Since these variables are populated from the content of the files being analyzed, a maliciously crafted file could exploit this to execute arbitrary Python code on the host system.
  • [DATA_EXFILTRATION]: The skill automates the transmission of code findings, including source code snippets captured as evidence, to external GitHub Discussions. This poses a risk of exposing private or sensitive information from the user's workspace to a public or semi-public forum.
  • [COMMAND_EXECUTION]: The reporting script in modules/insight-generation.md references a hardcoded absolute file path (/home/alext/claude-night-market), which indicates the skill is tailored for a specific environment and may exhibit unexpected behavior or fail on other systems.
  • [COMMAND_EXECUTION]: The skill relies on executing external scripts such as plugins/conserve/scripts/detect_duplicates.py and plugins/abstract/scripts/post_insights_to_discussions.py, which are not included in the skill package, making their behavior unverifiable and potentially risky.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 05:38 AM