Context-Aware Delegation (SmartBeat)

The name/description say the skill will let isolated sessions read the main session's history; the SKILL.md explicitly uses sessions_list and sessions_history and includes examples doing exactly that. There are no unexpected env vars, binaries, or install steps that conflict with the stated purpose.

The runtime instructions consistently instruct an isolated session to call sessions_history and read memory files, which is exactly the advertised behavior. However, examples also instruct the agent to check email, calendar, and to send messages via Telegram or SMTP. Those actions expand the data flow (conversation history → sub-agent → external delivery) and may expose sensitive conversation contents if the sub-agent or delivery credentials/tools are not trusted. The SKILL.md does not itself supply or require credentials, but it tells the agent to use other skills/tools that do.

Instruction-only skill with no install spec and no downloaded code beyond small example files. This is the lowest-risk install pattern and is coherent with an orchestration-style skill.

The skill declares no required environment variables or secrets, which matches the instruction-only nature. That said, the examples assume use of other skills (email/calendar/Telegram/SMTP) that generally require credentials; the skill's instructions will cause those credentials to be used if present. This is not an immediate mismatch but is a privacy/credential flow you should evaluate before enabling.

always is false and the skill is user-invocable with normal autonomous invocation allowed. The skill does not request permanent system presence or modify other skills' configs. Its behavior (invoking sessions_history from isolated sessions) relies on existing platform tools rather than escalating privileges.