Hacker News

0gs yesterday at 10:47 PM | 1 reply

i think people are probably already doing it. i made a skill scanner but it's also just easy to download a zip and inspect the contents... but people are loading these things remotely. i agree that it is easy to not install a pentester's magic skill, but the attack capabilities a skill can have are pretty insane. people should just make their own is my pov.


Replies

lelandfe yesterday at 11:29 PM

While debugging in Cursor a couple weeks ago, Opus 4.6 chirped it had discovered that my token, when base64 decoded, had a date that was in the past - perhaps expired?

And it was expired!

And I was happy. And some time passed - and I realized it had read my .env file and performed operations on my API keys.

That these models do all this stuff already makes me assume any skill takeover is simply trivial.