AnyLink to Note

Pass

Audited by VirusTotal on Apr 18, 2026.

Findings (1)

The skill contains a significant shell injection vulnerability in the RSS extraction logic described in SKILL.md and references/url-types.md. The instructions direct the agent to execute a shell command (`curl -sL "<rss-url>" | python3 ...`) using a user-provided URL without sanitization, which could lead to arbitrary command execution. While the intent appears to be legitimate web scraping and note-taking, the implementation of the RSS and Playwright-based extraction methods poses a security risk.