linkedin-project-post

Fail

Audited by Socket on Feb 17, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Benign: The code fragment is coherently aligned with its stated purpose of generating and optionally auto-publishing LinkedIn posts for coding projects, including optional screenshot capture and MCP-based posting. Data flows and permissions are proportional to the stated functionality; no unexpected credential harvesting or data leakage patterns are evident in the fragment. The MCP configuration guidance is user-supplied and not embedded secrets in the code.

LLM verification: This skill's stated purpose (generate LinkedIn posts and capture screenshots) matches its capabilities, but its recommended execution path exposes sensitive data and credentials to third-party services and encourages running remote tooling. There is no direct evidence of obfuscated or malicious code in the SKILL.md itself, but the auto-posting and external screenshot flows are high-risk if the MCP servers or screenshot APIs are untrusted. Recommend marking this skill as SUSPICIOUS for supply-cha

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 17, 2026, 08:36 PM
Package URL: pkg:socket/skills-sh/alfredang%2Fskills%2Flinkedin-project-post%2F@5273a7ecfbc33a7452602ae7bd95af2b2cac5119