When you install a package, you probably skip the source code. But what about the AI skills and CLAUDE.md files you are feeding directly into your agent?
In the latest episode of the No Compromises podcast, we discuss whether developers are reading the AI skills they install and why it actually matters.
We make the case that unread skills are riskier than unread packages because they quietly shape how your agent thinks and can introduce security vulnerabilities or opinions you would never have agreed to if you had just taken 10 minutes to read them.
We also look at the flip side, where reading those skills can make you a better developer, expose you to approaches you did not know existed, and help you guide your agents more intentionally across every project.
- (00:00) - Do developers actually read package source code
- (02:19) - Why AI skills are riskier than packages
- (05:07) - Security risks hiding in unread skill files
- (09:30) - Reading skills as a learning opportunity
- (11:49) - Silly bit
Want a second set of eyes on the tools and packages your team is trusting? Find out how our code review service can help.