beepctl

The skill bundle is classified as suspicious due to its inherent capabilities that, if exploited via prompt injection against the AI agent, could lead to data exfiltration or arbitrary file writes. Specifically, the `beepctl focus -a /path/file` command allows reading arbitrary local files and preparing them as attachments, and `beepctl download <mxc-url> -o /path` allows writing downloaded files to arbitrary local paths. While the `SKILL.md` explicitly warns against sending messages without user approval, the underlying capabilities to access local files and send messages to external platforms (Telegram, WhatsApp, etc.) present a significant risk if the agent's instructions are overridden.