skill-search

The skill-search workflow provides useful discovery and retrieval capabilities but also endorses a high-risk download-and-execute pattern: fetching concatenated remote skill content and instructing users/agents to extract and run bundled scripts from /tmp without documented integrity checks or sandboxing. This creates a meaningful supply-chain and remote code execution risk (credential theft, data exfiltration, system compromise). Recommend restricting the tool to metadata and content previews, adding cryptographic verification (signed skill manifests), enforcing execution in strong sandboxed/isolated environments, using per-user ephemeral extraction paths with safe permissions, and requiring manual review or automated behavioral analysis before execution.