1lou Search

The skill contains hardcoded plaintext credentials (username and password) for a local qBittorrent instance and references specific absolute file paths for a user named 'bluepop' (e.g., /Users/bluepop/Downloads/). While these appear to be personal configuration details in SKILL.md, hardcoding secrets and using fixed local paths are significant security vulnerabilities. The workflow also involves executing curl commands and browser automation to download files from various external domains (1lou.me, 1lou.one, etc.), which presents a risk of remote code execution if the external sites or search results are compromised.