skill-tracker

This skill is largely coherent for a local usage-tracker, but consider the following before installing: - Clarify the file-update semantics: the SKILL.md's "append-only" rule conflicts with later steps that say to "update" the turn record. Ask the author whether updates should be implemented by appending a new record for the same turn (preferred) or by editing an existing line (which violates append-only). - Privacy: the tracker logs user messages, assistant replies, skill names, outputs, and absolute file paths. Decide whether conversational content should be recorded at all. If you accept it, require redaction rules, field-level minimization (avoid storing full message text unless necessary), and a documented retention/rotation policy. - Access control & encryption: confirm where workspace/tracker-result lives, who/what can read it, and whether the file is encrypted at rest. Other skills or system components may be able to read workspace files. - Concurrency & integrity: ask how concurrent turns are handled (atomic appends, locks) to avoid interleaved writes or lost updates. Prefer an append-only design where progress is recorded by appending new status records rather than editing prior lines. - Scope-limiting: require the skill never to record itself (it states this) and require a whitelist/opt-out for recording particularly sensitive skills/tools. - Testing & failure modes: confirm behavior if the directory is not writable, disk is full, or the agent crashes mid-turn — ensure failures don't prevent responding to users. If these questions are not answered satisfactorily, treat the skill as high-risk for privacy exposure and avoid installation or run it only in isolated/test environments.