create-command

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (severity: HIGH)
SKILL.md

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]

The document itself is benign documentation describing a command file format and expected content. However, the format permits arbitrary shell execution via <shell>/<lint>/<test> tags. If the forge runtime executes these tags with full privileges and without validation or user consent, this creates a significant attack surface: malicious or accidental commands in <cwd>/.forge/commands can delete files, leak secrets, or push to remote services. The artifact is not directly malicious, but its execution model is high-risk unless the runtime enforces safeguards (signing, sandboxing, confirmation, least privilege). Recommend treating command files in <cwd>/.forge/commands as untrusted input requiring review, and adding runtime mitigations.

LLM verification: The SKILL.md is a legitimate documentation file describing how to author command .md files for code-forge. It explicitly permits embedding arbitrary shell commands via <shell>, <lint>, and <test> tags and contains destructive examples (rm -rf). By itself the file is not obfuscated or directly malicious, but it documents a mechanism that can be used to execute arbitrary commands with host-level effects. Because the document omits any guidance about sandboxing, privilege restriction, validation, o

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 16, 2026, 01:04 PM
Package URL
pkg:socket/skills-sh/antinomyhq%2Fforge%2Fcreate-command%2F@adeabd96ed38500e0529a6504f1020da1186e243