r-expert

This document is a benign instructional skill describing R workflows and example code. It contains expected sources/sinks for such a skill (local files, DB, and example API request) and no hardcoded secrets, obfuscated code, or malicious routines. The main risk is operational: the declared allowed-tools entry ('Bash(R:*, Rscript:*)') is broad and, if actually granted to an executing agent, would allow arbitrary shell/Rscript execution and therefore could be abused to read sensitive files or exfiltrate data. That capability is disproportionate for a static documentation skill unless strictly sandboxed. Overall: no direct malware found in the content, but exercise caution around runtime tool permissions.