Knowledge Habit Skill

The skill functions primarily as a downloader/installer that fetches external code from a GitHub repository (github.com/puppetcat-fire/knowledge-habit-tracker.git) and executes it via 'npm install' inside 'install.sh'. This pattern is risky because the core logic of the application is not contained within the analyzed bundle, bypassing static analysis. Additionally, 'install.sh' uses interactive shell prompts and performs symlink operations ('ln -sf') based on user-provided paths, which could lead to local file system manipulation if exploited.