AI assistants are gaining new capabilities through skills, but this creates significant risks, especially when those skills have access to critical system functions. When an AI model, like Claude, executes skills that allow shell or network access, it can inadvertently lead to severe vulnerabilities. The execution of commands happens before the model evaluates the output, meaning harmful actions can occur even if the commands seem unrelated to the task at hand. Two examples illustrate this risk. The first demonstrates how a skill could exfiltrate data by executing a command that makes a network request without any prior assessment. The second example highlights a more concerning method of lateral movement, where a skill spreads across multiple hosts by leveraging existing trust relationships in a network. This approach resembles tactics used in supply-chain attacks, where legitimate tools and processes become vectors for compromise. Permissions might seem like a safeguard, but they often fail against social engineering tactics like phishing. Skills that allow for shell or network access should be treated as executable code. The article warns that real threats will disguise malicious code within seemingly benign functions, making it vital to scrutinize any skills with elevated privileges. AI assistants are becoming integral to workflows, yet their deployment without proper controls poses a risk of becoming a single point of failure in an organization's security posture.