No privacy policy or ToS exists anywhere on the site or GitHub, and the project is maintained by a solo teenage developer with no legal entity — both meaningful gaps before any team or enterprise adoption.
No privacy policy, no terms of service, and no legal entity of any kind could be found at tasteskill.dev or on GitHub — the site is operated by a private individual with no corporate wrapper. Source: full fetch of https://www.tasteskill.dev/ and https://www.tasteskill.dev/docs returned zero links to /privacy or /terms.
The tool is MIT-licensed and fully open-source; SKILL.md files are plain Markdown and can be inspected, forked, or self-hosted without any cloud dependency. Source: https://www.tasteskill.dev/llms.txt.
Installation via 'npx skills add Leonxlnx/taste-skill' fetches from the main branch with no version pinning or lockfile, exposing users to silent upstream changes — a documented supply-chain risk class affecting the entire SKILL.md ecosystem. Source: https://pavel.pink/blog/pixi-skills/ and https://snyk.io/articles/skill-md-shell-access/.
The GitHub repository (https://github.com/Leonxlnx/taste-skill) shows a single contributor, 10k stars, 970 forks, 61 commits, and only 1 open issue — active but entirely single-maintainer with no bus-factor mitigation.
The changelog (https://www.tasteskill.dev/changelog) clearly labels brutalist-skill as Beta and v2 as unreleased, indicating honest staging of experimental content. Stable skills are appropriately marked.