military-flights

The skill mandates the global installation of an external NPM package (@fly-ai/flyai-cli) and requires the agent to execute shell commands to perform its functions. It also includes instructions in runbook.md to persist execution logs, including user queries, to a local hidden file (.flyai-execution-log.json). While these behaviors are technically aligned with the stated goal of providing real-time flight data via a CLI tool, the requirement for high-privilege system modifications (global npm install) and local file writes constitutes a significant security risk and potential for supply chain exploitation.