rollinggo-flight-search-skill

The skill provides flight search capabilities via a CLI tool but includes high-risk installation patterns and versioning practices. Specifically, the reference files (rollinggo-flight-npx.md and rollinggo-flight-uvx.md) provide instructions for the agent to execute remote scripts via 'curl | sh' and 'irm | iex' (from raw.githubusercontent.com) if standard runtimes are missing. Additionally, the skill consistently uses unpinned package versions (@latest) in its installation and execution commands, which introduces supply chain risks. While these behaviors appear intended for legitimate setup and functionality, they represent significant security risks in an automated agent environment.