technology-porter
Audited by Socket on Mar 4, 2026
1 alert found:
Obfuscated File
The skill metadata defines a useful cross-language migration and equivalency-testing capability, but a major security risk arises from its declared behavior of automatically ingesting and prioritizing Confidential and Personal knowledge without documented safeguards. The YAML itself contains no executable malware and no obfuscation markers, but the policy-level decision to process secrets increases the chance of accidental credential leakage into generated code, logs, or external services. Recommend implementing strict, auditable secret-handling controls, least-privilege runtime permissions, explicit user consent for confidential sources, and automatic redaction/provenance features before using this skill against sensitive repositories.