Infinity Poke Recipe Generator

This skill is internally coherent and low-risk, but review a few points before installing or running it: - Template/key mismatches: the included templates and scripts use slightly different field names (e.g., references use serverUrl/authType while some generated/integration JSON and the renderer expect url/authentication). This will likely lead to missing fields in rendered instructions; verify and fix field names before publishing or relying on automation. - Network access: the SKILL.md recommends fetching https://poke.com/recipes to check for duplicates. That is a public GET; confirm you are comfortable with the agent or your environment making that outbound request, and ensure no sensitive data is sent to that site. - File reads/writes: the scripts read recipe.json and write files into the out path you provide. Run them in a safe, intended directory and double-check the generated files before running any generated CLI commands. - CLI bootstrap commands (npx poke@latest ...): these are only printed into instructions; the skill does not execute them. Inspect the generated commands and integration URLs before running them. Replace any 'TODO' placeholders with real endpoints and validate authentication requirements. - Source transparency: the skill has no homepage and an unknown source. That by itself isn't a security red flag for this scaffolding tool, but if you need higher assurance prefer code from a known author or run the scripts in an isolated environment first. If you plan to use the Upload-assist mode, be explicit about which local files the agent can read and make sure no unrelated sensitive files are accessible to the agent.