System Monitor Pro
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The `monitor.js` script contains a critical shell injection vulnerability (Remote Code Execution) in the `remoteRun` function. The `remoteHost` variable, derived directly from user input via `process.argv`, is used unescaped within an `ssh` command executed by `execSync`. This allows an attacker to inject and execute arbitrary commands on the local machine running the skill. Additionally, the `SKILL.md` instructions for `--remote user@host` present a prompt injection risk if the agent does not properly sanitize user-provided arguments before execution. The use of `StrictHostKeyChecking=no` also weakens SSH security.
