Command-line fuzzy finder for interactive filtering and selection - integrates with shell, vim, and other tools.
Security Analysis
medium confidence
The skill is an instruction-only guide for the fzf command-line fuzzy finder and is largely consistent with its stated purpose, but there are minor metadata inconsistencies and the runtime instructions include destructive/auto-execution examples that users should treat carefully.
The SKILL.md and description consistently document fzf usage (shell, vim, git, docker, kubectl integrations). However the registry metadata shown to you earlier lists no required binaries/env, while the SKILL.md frontmatter declares a requirement for the 'fzf' binary and provides install steps (brew/apt). The examples also reference many optional tools (bat, fd, rg, docker, kubectl) that are reasonable for examples but are not declared as optional dependencies.
The instructions are typical usage examples but include commands that can be destructive or execute arbitrary code (e.g., piping fzf selection to xargs rm or kill, docker rmi, kubectl delete pod, aliases that run selected history entries with sh -c). Those are valid fzf use cases, but they broaden the risk surface: anyone who follows examples without review can delete files, kill processes, remove images, delete pods, or execute arbitrary commands. The SKILL.md also suggests sourcing shell files and modifying ~/.bashrc or ~/.zshrc which is expected but should be done carefully.
There is no top-level install spec in the registry entry, but the SKILL.md frontmatter includes install metadata pointing to standard package managers (brew formula 'fzf' and apt package 'fzf'), which are appropriate and lower-risk. The inconsistency between the registry install metadata and the SKILL.md frontmatter is a discrepancy worth noting. The skill does not attempt to download code from arbitrary URLs.
The skill does not request credentials, secrets, or config paths. The only environment interactions are suggestions to set non-sensitive FZF_* environment variables for defaults, which are proportionate to the purpose.
The skill is user-invocable and not marked always:true. It does not request persistent privileges or to modify other skills. Suggested actions include editing shell startup files (normal for shell integration) but there is no attempt to force-enable itself or claim system-wide changes beyond the user's shell config.
Guidance
This SKILL.md is a legitimate usage guide for fzf, but before installing or copying examples into your shell config:
1) prefer installing fzf from your OS package manager (brew/apt) or the official GitHub release URL listed on the homepage;
2) review any example that executes or deletes things (xargs rm, kill, docker rmi, kubectl delete); don't run them blindly;
3) be especially cautious with aliases that execute selected history lines or pipe selections to sh -c (these can run arbitrary commands);
4) if you rely on specific auxiliary tools (bat, fd, rg, docker, kubectl), install them separately and understand their privileges; and
5) correct the minor metadata discrepancy (registry lists no required binary but SKILL.md expects fzf) before relying on automated install tooling.
Latest Release
v1.0.0
Initial release of fzf-fuzzy-finder skill:
- Provides concise CLI usage and common shell command patterns integrating fzf.
- Includes examples for file, directory, git, docker, and kubectl workflows.
- Offers tips for customization via environment variables, aliases, and color scheme.
- Advanced usage and integration examples with tools like bat, ripgrep, and fd.
- Quick reference for performance, keybindings, and workflow enhancements.
Published by @Arnarsson on ClawHub