trade-fair

The skill instructs the agent to perform a global installation of an external NPM package (`npm i -g @fly-ai/flyai-cli`) if the CLI tool is missing (SKILL.md, references/fallbacks.md). While this behavior is aligned with the stated purpose of providing flight search capabilities, the automated global installation of third-party software is a high-risk operation that could facilitate remote code execution or supply chain attacks.