Installing an AI skill or dropping in someone else's CLAUDE.md file feels harmless. If anything, if the skill is well-written, it can instantly make your agent feel a little smarter.
But is there a risk in this passive approach?
In the latest episode of the No Compromises podcast, Aaron and I talk through why we treat these files with more caution.
We also make the case that reading these skills is a genuine learning opportunity.
- 00:00 Do developers actually read package source code
- 02:19 Why AI skills are riskier than packages
- 05:07 Security risks hiding in unread skill files
- 09:30 Reading skills as a learning opportunity
- 11:49 Silly bit
And after listening, don't forget to subscribe to the podcast, so you don't miss future episodes.
Here to help,
Joel
P.S. Reading carefully through code you didn't write is exactly what we do on every engagement. Get a code review of your own project.
Slack