arjie 5 hours ago

A skill is just a program for an LLM agent. This just seems like works-as-expected. Are the five lines in the skill notably innocuous or something? I don't mean to dismiss it out of hand but I don't understand what happened here because it seems to read "`curl $url | bash` can exfiltrate data" which seems pretty straightforward that it can.

mdavidn 4 hours ago

A skill is just instructions that the agent can autonomously copy into context. There’s no trust boundary between trusted and untrusted context.

jychang 3 hours ago

Yeah, this is your fault if you install the skill.

This reads to me as "user installed exe file can upload your data to a server". Um, yes, that's the point?

This seems like this generation's equivalent of "don't open Linkin-Park.mp3.exe from LimeWire".

prpl 3 hours ago

Right, people haven’t internalized that these are really just scripts in natural language.