biz-in-a-box

The SKILL.md file instructs the AI agent to execute `git clone https://github.com/taylorhou/biz-in-a-box` from an external GitHub repository and then run `node validate.js` from the cloned directory. This constitutes a significant Remote Code Execution (RCE) vulnerability and a supply chain risk. If the external repository were compromised, the agent would download and execute arbitrary malicious code, even though the stated purpose of the skill (business ledger management) appears benign.