automatic-stateful-prompt-improver

Fail

Audited by Socket on Mar 5, 2026

1 alert found:

Malware (HIGH)
SKILL.md

Functional and coherent for its declared goal (automated prompt optimization via an external prompt-learning MCP).

Primary security concern: automatic exfiltration of raw user prompts and feedback to an external service without explicit per-request consent, redaction, or retention controls — this creates medium-to-high privacy and supply-chain risk (possible leakage of PII, credentials, or sensitive content and long-term storage in an embedding index).

Secondary concerns: autonomy/consent (the skill modifies user input by default) and a large trust boundary with the MCP server.

No direct evidence of obfuscated or malicious payloads in the provided spec, but because the skill's core operation is to send user data off-host, organizational controls are required (explicit opt-in/opt-out, redaction, endpoint trust, retention policy, and limiting recorded feedback).

Recommendations: require explicit user consent before optimization, implement automatic PII/secret redaction or local-only mode, minimize what is recorded in feedback, document retention/access controls for embeddings, and provide a transparent audit trail for what was sent to the MCP endpoints.

Confidence: 98%
Severity: 55%

Audit Metadata
Analyzed At: Mar 5, 2026, 09:17 PM
Package URL: pkg:socket/skills-sh/curiositech%2Fsome_claude_skills%2Fautomatic-stateful-prompt-improver%2F@144d7467d6e015c1f940f4c61f79a4731a929580