install-md

Fail

Audited by Socket on Mar 2, 2026

1 alert found:

Obfuscated File: HIGH
SKILL.md

The YAML defines a capability that is inherently high-risk: generating machine-executable install.md intended for autonomous execution. The fragment itself contains no explicit malicious code, but it mandates reading a local reference and lacks visible safeguards, making it likely to produce dangerous download-and-execute installation artifacts or inadvertently exfiltrate secrets. Treat the skill as potentially dangerous until the referenced guide can be audited and concrete runtime controls are enforced (allowlists, secret redaction, human approval gates, sandboxed execution). Recommended actions: do not allow autonomous execution of generated install.md without human review; require the referenced guide to include strict safety constraints; implement domain/command allowlists and explicit prohibitions on embedding secrets or piping remote scripts directly into shells.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 2, 2026, 09:03 PM
Package URL: pkg:socket/skills-sh/basecamp%2Fdev-skills%2Finstall-md%2F@a65f0fed16298fe68a5543e1e059cb71e4d9c54e