Dagny Nostr (nak)
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The `SKILL.md` instructs the agent to install the `nak` CLI tool using a `curl | sh` pipeline (`curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh`). This method executes arbitrary remote code without prior review, posing a significant supply chain risk and remote code execution vulnerability. While the stated purpose is to install a legitimate tool, this practice is inherently insecure and could be exploited if the remote source (GitHub repository or CDN) were compromised.
