ai-ml-expert
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly: No direct malware is present in the provided source text, but the skill contains high-risk operational instructions: a mandatory Memory Protocol that reads/writes agent-local memory and a broad set of powerful tools (Bash, Read/Write/Edit, WebSearch). These allow sensitive data (system prompts, credentials) to be read and persisted and permit arbitrary shell execution at runtime. The core risk is information disclosure and potential for destructive or exfiltrative actions if the runtime enforces the declared capabilities without human oversight. I recommend removing or gating the Memory Protocol, narrowing tool permissions, sandboxing file access, and adding explicit user confirmation and auditing for any Bash or network operations.