detect-product

Warn

Audited by Socket on Feb 26, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is a local repository-analysis specification that reads repo files and local plugin docs, performs detection via Glob/Grep, and writes structured output to a designated outputs directory. There are no remote downloads, credential harvesting, command execution, or obfuscated payloads in the provided fragment. The primary security considerations are operational: the skill is granted Edit access to configuration/seed files and depends on external protocol documents under ${CLAUDE_PLUGIN_ROOT} which should be audited. If those external documents are trusted and the HARD STOP for user approval is enforced before any edits, the skill is low risk for malicious behavior. If untrusted or automatable edits are allowed without approval, that increases the risk.

Confidence: 80%
Severity: 75%

Audit Metadata
Analyzed At: Feb 26, 2026, 08:33 PM
Package URL: pkg:socket/skills-sh/parhumm%2Fjaan-to%2Fdetect-product%2F@0c0d5d252d7861f3868649bc37d50bb356886263