write-coding-standards-from-file
Audited by Socket on Feb 25, 2026
1 alert found:
Obfuscated File
The provided skill description is not malicious in itself: it outlines a generator for coding standards that reads repository files, optionally fetches public style guides, identifies inconsistencies, and can create or modify files or tests. I found no encoded payloads, command-and-control, credential harvesting, or shell-execution patterns. The primary security concerns are operational: unguarded network fetches and default behavior that writes to the repository and may auto-apply fixes. To reduce supply-chain risk, require explicit user approval before any file modifications, restrict remote fetches to an allowlist of documented style-guide URLs (and validate content), prefer a dry-run/read-only default, and surface proposed edits as patches for human review rather than applying them automatically.