capability-activation

The document is not executable malware but represents a high-risk policy that materially increases software supply-chain and privacy risk. By mandating frequent, unconditional invocation of external skill modules and forbidding alternative inspection, it widens the channel for malicious or privacy-invasive skills to be loaded and followed. Without strong platform safeguards (signed skill provenance, sandboxed execution, least-privilege data exposure, explicit user consent, and auditable logs), this policy should be treated as dangerous and subject to review, restriction, or removal.