anki

The Anki skill presents a coherent and proportionate footprint for its stated purpose: it interfaces with a locally running AnkiConnect API via a controlled script to create, update, delete, and query flashcards, with explicit user approvals for destructive or irreversible actions. The data flow remains local, credentials are not required, and there are safety prompts to prevent unintended data changes. While there is a minor risk if the underlying script is tampered with, there is no evidence of remote data exfiltration or unauthorized third-party installs. Overall, the security posture is benign with moderate risk tied to potential script integrity and local API reliance.