himalaya

This document is a benign README/instruction set for the Himalaya CLI email client. Its described capabilities (reading a config file, optionally executing secret-retrieval commands, connecting to IMAP/SMTP, composing and sending mail, saving attachments) are consistent and proportionate to the stated purpose. No malicious code, obfuscated payloads, download-execute patterns, or third-party exfiltration endpoints are present. The primary security considerations are user-side: (1) auth.cmd executes whatever command the user places in the config — use only trusted helpers like `pass` or system keyring; (2) avoid storing plaintext passwords in config.toml; (3) protect the config file permissions to prevent tampering. Overall the skill/documentation is not malicious but has normal sensitivity due to handling credentials and running configured helper commands.