Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill exposes commands that install packages, update local skill directories, force overwrites, and publish local content to a remote registry without any safety guidance or confirmation advice. In an agent setting, this increases the chance of unintended filesystem modification, pulling untrusted code/content, or accidental data publication, especially with commands like `update --all --no-input --force` and `publish`.
