Missing User Warnings
Medium
- Confidence
- 91% confidence
- Finding
- The skill explicitly instructs updating rule files in two locations, including a global path under ~/.claude, but does not require explicit user confirmation or clearly warn that configuration files will be modified. This can lead to unintended persistent changes to user settings/workspace state, especially if the vault or workspace path is misconfigured or attacker-influenced.
