The skill claims to reduce exec usage for batch file operations and the Python script implements read, write, append, list, and search operations — this is coherent with the name/description. However the SKILL.md examples reference a different filename (exec-batch-skill.py) and present a simplified 'search <query>' API that does not match the script signature (script requires <path> <pattern>). The mismatch between documentation and code is a red flag for sloppy packaging or misconfiguration.

SKILL.md instructs running a Python helper to read/write/search files which is within the stated purpose, but the docs are inaccurate (wrong script name and wrong search args). The script itself performs unconstrained filesystem I/O (reading arbitrary files, writing/appending, listing directories, recursive glob search). That capability is expected for a file-processing tool, but because the instructions are wrong and the script accepts arbitrary paths/contents (and does not sanitize or join argv content), an agent or user could accidentally read or overwrite sensitive files if invoked with broad access. The script also takes the content argument as a single argv token, so multi-word content will be truncated unless callers join args — another usability/behavior mismatch.

No install spec — instruction-only with a single Python script. Nothing is written to disk by an installer beyond the provided file in the skill bundle.

The skill requires no environment variables or external credentials. The filesystem access it requests is aligned with its stated purpose, but still powerful: read/write/list/search operate on arbitrary paths without restrictions.

always is false and the skill does not request persistent or cross-skill configuration. Autonomous invocation (disable-model-invocation false) is the platform default; this combined with unrestricted file I/O increases blast radius but is not itself a packaging inconsistency.