Friends

The described purpose (personal friendship tracking) matches the instructions (one Markdown file per friend, logging interactions, proactive reminders). However the skill explicitly instructs creating ~/friends/ and reading/writing friend files while the metadata declares no required config paths or permissions for persistent storage; this is a mismatch (the filesystem access is plausible for the stated purpose but should be declared).

SKILL.md tells the agent to create a workspace in the user's home (~ /friends/), create and update per-person Markdown files, and surface private life-event data. It also lists 'Integration Points' (calendar, contacts, birthdays) without specifying how to access those services. The instructions therefore imply read/write access to the user filesystem and possible access to calendar/contacts data, but give no constraints on what the agent should do with that data (e.g., whether it may transmit it).

Instruction-only skill with no install spec or code files; nothing is downloaded or written by an installer. This is low-risk from an installation/execution perspective.

The registry declares no environment variables, credentials, or config paths. Yet the skill implies access to user calendar and contacts and persistent storage of sensitive personal data. Integrations that require tokens/permissions are mentioned but not declared. The absence of declared permissions/credentials for those integrations is disproportionate to the behavior the instructions imply.

The skill asks to create and maintain a persistent folder in the user's home for storing personal data. It does not request 'always:true' or other platform-level persistent privileges, but it does expect to write persistent files. Users should be aware this will create local, long-lived records of friends' sensitive life events.