managing-temp-scripts
Audited by Socket on Feb 16, 2026
1 alert found:
Malware

This skill is functionally consistent with its stated purpose (creating and running temporary scripts), but its capabilities are broad and inherently powerful. The fragment contains multiple risky practices: executing arbitrary generated code, installing packages at runtime from public registries, passing credentials on the command line, and writing .env files to /tmp without enforced secure defaults or sandboxing. Those behaviors are legitimate for some use cases but create substantial supply-chain and credential-exfiltration risk if misused or if attackers can influence script contents/dependencies.

Verdict: SUSPICIOUS — usable but high-risk without additional runtime safeguards and stricter handling of secrets and dependency installation.