meta-docs
Audited by Socket on Mar 12, 2026
1 alert found:
Anomaly: The skill describes a focused docs-management workflow with local file operations that align with its stated purpose. However, the install path relies on a curl | sh pattern to fetch and execute a remote installer, which is a notable supply-chain and remote code-execution risk. This pattern, combined with reliance on an external tool installed outside official registries, makes the overall security posture Suspicious and warrants caution. Data flows are mostly local and metadata usage is typical for Git-based workflows, but the initial installation vector and potential broad execution permissions elevate risk. Overall, the capability set is coherent with its purpose, but the installation approach and external tool dependency introduce meaningful security concerns that should be mitigated (e.g., using signed installers, official registries, or pre-verified binaries).