skill-factory

The name/description (skill-factory / guide for creating skills) aligns with the SKILL.md: guidance about logging learnings, errors, feature requests and promoting useful items into project docs is coherent for a self-improvement / skill-authoring helper.

The instructions tell the agent to log errors, user corrections, API failures, feature requests, and other learnings into markdown files under `.learnings/` and to promote broadly applicable items into repo-level docs (CLAUDE.md, AGENTS.md, .github/copilot-instructions.md, TOOLS.md, etc.). This is within the stated purpose but has two risks: (1) it will persist arbitrary user-provided or tool output content to disk (which can include secrets or PII) and (2) it explicitly directs promotion to project-wide files which can change repo/agent behavior. The SKILL.md does not include safeguards (redaction, filtering, approval flow) or limits on what to log.

Instruction-only skill with no install steps, no downloads, and no code files — lowest install risk.

The skill requests no environment variables, credentials, or config paths. The absence of requested secrets is proportionate to its stated purpose. Note: despite no creds being requested, the instructions could cause sensitive data to be written to disk if the agent logs inputs that contain secrets.

always:false and no special privileges are requested, but the instructions explicitly recommend modifying/promoting content to repository-level files. That behavior gives the skill the practical ability to persist changes that affect other agents or project documentation; consider requiring manual review/approval before promotion.