A skill is just instructions that the agent can autonomously copy into context. There’s no trust boundary between trusted and untrusted context.

Yeah, this is your fault if you install the skill.

This reads to me as "user installed exe file can upload your data to a server". Um, yes, that's the point?

This seems like this generation's equivalent of "don't open Linkin-Park.mp3.exe from limewire"