目的地国家/地区旅行安全与禁忌提示

This skill appears to do what it says (generate a travel-safety HTML card) and requests no credentials, but it leaves two operational details unspecified that you should confirm before installing or allowing autonomous runs: - Where will the generated HTML be hosted/shared? The SKILL.md tells the agent to "provide the link" but does not constrain how. Ask or configure the agent to (a) return the HTML as an attachment or inline output instead of uploading to unknown third-party services, or (b) restrict uploads to approved internal storage. Prevent automatic uploads to paste sites, cloud storage, or other public endpoints unless you explicitly accept that. - What sources will the agent use for "research" and fact-checking? If you care about accuracy and privacy, require the agent to cite official sources (government, local consulate, established travel advisories) and avoid pulling data from untrusted or user-contributed sites. You may also restrict or audit any web-browsing tool the agent uses. Additional practical steps: - Test the skill with a non-sensitive destination first and verify the generated HTML before any sharing. - If you enable autonomous invocation, limit network/upload permissions or monitor the skill's activity so it cannot exfiltrate context unexpectedly. - Review the final HTML for any embedded links or third-party resources before distributing it. If you want, I can suggest a short modification to SKILL.md that constrains hosting behavior (e.g., "do not upload to external services; return file inline or attach to the conversation") and mandates citation of official sources — that would reduce the remaining concern.