teaching-materials

Before installing or using this skill, consider the following: - Do not paste your site passwords into a skill unless you trust its origin. This SKILL.md asks for usernames/passwords for resource sites and will save them to a local file (d:/WorkBuddy/MyTeacher/accounts.json). - The skill mandates running a local script (~/.workbuddy/skills/dragon-ppt-maker/ppt_maker.py) and uses MCP/tool calls; verify those scripts/tools exist and inspect their source (they are not included with the skill). Malicious or buggy local scripts could run when this skill executes. - Paths are inconsistent (mix of ~ and d:/). Confirm the skill is intended for your OS and update paths if needed; running on a different OS may fail or write files to unexpected locations. - The skill will automatically scrape and download web resources. If you are uncomfortable with automatic downloads or offline storage of third‑party content, require manual approval for each download or avoid providing credentials. - If you decide to proceed: store credentials in a secure vault, not in plain text; if the skill insists on plain-file storage, refuse to provide passwords and use manual login methods instead. What would change the assessment to 'benign': the skill declaring and documenting its credential requirements in metadata, removing the need to collect raw passwords (use OAuth or token-based access), providing or linking to the required ppt-maker and MCP tools (so their code can be inspected), and fixing the path/OS inconsistencies.