self-improve-with-tinyfish

The TinyFish integration itself is internally consistent and uses official endpoints, but the skill is high-risk because its primary purpose is self-modification: it researches untrusted web content, turns that into persistent instructions, and installs new skills into the agent. This is more suspicious than malicious; the main concerns are transitive skill installation and indirect prompt injection, not credential theft.