Phy Lenny Mentor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's description matches a podcast-based mentor, but its runtime instructions ask the agent to search local project files (unspecified baseDir) without declaring any config paths; that gap and the proactive activation behavior warrant caution.
What to consider before installing:
- The skill asks the agent to search local project files (look for lenny_wisdom_extracted.json and grep transcript .txt files) but the registry metadata does not declare any config paths. Confirm exactly where {baseDir} resolves to and whether the agent will be allowed to read arbitrary directories.
- If you store any sensitive data in your project folders, this skill could access it when triggered. If you want to proceed, restrict transcripts to a dedicated, non-sensitive directory and update the skill (or your agent configuration) to limit file access to that path.
- The skill has proactive activation rules. If you prefer manual control, disable automatic invocation for this skill (only allow explicit user triggers) to avoid unsolicited file searches.
- Because the skill may quote or synthesize local excerpts, consider copyright and privacy implications of sharing transcript fragments externally.
- If you can, ask the publisher for clarifications: where the skill looks for files, what {baseDir} means in your agent, and whether there are any remote network endpoints the skill would call (none are listed in SKILL.md). These answers would raise confidence and could move the assessment to benign.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
